Re: useless security@ contacts

From: Ron DuFresne (dufresneat_private)
Date: Thu Mar 21 2002 - 09:25:37 PST

    None of which are followed if there are any of these 'standards'.  I can
    look up the contact info for many sites registered with many different
    domain registrars, including the old 'standard' network solutions and find
    all the contact info to be bogus, phone numbers, e-mail addresses, snail
    mail addresses, all bogus.  Even when the info is properly set, because so
    many sites are so cheaply obtained and set up, clueless folks don't know or
    follow the 'standards' you refer to, such as postmaster account being dead
    or non-existent, root sometimes not even being set for mail, admin not
    set, and try and send repeated mails to either abuse@ or security@ and see
    how many bounces one gets.  A 'standard' that's not followed and not
    enforced is non-existent.
    
    Thanks,
    
    Ron DuFresne
    
    On Thu, 21 Mar 2002, Meritt James wrote:
    
    > Oh, that's not quite the case.  There are a LOT of standards!  ;-)
    >
    > Ron DuFresne wrote:
    > >
    > > Oh, it's worse than this, since there is no real standard, try the
    > > discovery method of contact we have maintained for two years now, send
    > > mail to those listed as the technical contacts and or domain administers,
    > > and include copies to security@abusive-site.com as well as
    > > abuse@abusive-site.com, and then hit their upstream with the same
    > > configuration, this usually gets somebody's interest.
    > >
    > > Thanks,
    > >
    > > Ron DuFresne
    > >
    > > On Mon, 18 Mar 2002, J Edgar Hoover wrote:
    > >
    > > >
    > > > More often than not, a goodhearted attempt to provide valuable information
    > > > leads to voicemail hell.
    > > >
    > > > These companies expect us to give them the results of thousands of dollars
    > > > worth of security research as a courtesy, and don't even bother to extend
    > > > the courtesy of a human reply.
    > > >
    > > >
    > > > Date: Mon, 18 Mar 2002 00:28:13 -0800 (PST)
    > > > From: J Edgar Hoover <zorchat_private>
    > > > To: securityat_private
    > > > Subject: leaked password
    > > >
    > > >
    > > > Verizon leaked a bunch of engineering docs. If you're using the superuser
    > > > passwd of ANS#150 anywhere, this would be a good time to change it.
    > > >
    > > >
    > > > On Mon, 18 Mar 2002, UUNET Internet Abuse Investigations wrote:
    > > >
    > > > >  ** THE RETURN ADDRESSES ON THIS LETTER HAVE BEEN SET TO PREVENT MAIL **
    > > > >  ** LOOPS IN THE EVENT YOU ARE RUNNING SOFTWARE WHICH AUTO-REPLIES TO **
    > > > >  ** INBOUND MAIL.  UUNET WILL NOT SEE ANY REPLY SENT TO THIS LETTER.  **
    > > > >
    > > > > To Whom It May Concern,
    > > > >
    > > > > Your message regarding ("leaked password") has been received by UUNET's
    > > > > Internet Abuse Investigations.
    > > > >
    > > > > To help us provide you with the best possible service, please refer to
    > > > > trouble ticket number B-TSI-005251134 somewhere in all correspondence
    > > > > (or if you should call Internet Abuse Investigations) regarding this
    > > > > matter. For your convenience, we have included it in the Subject line of
    > > > > this message, and will do so in any future correspondence. If you should
    > > > > need assistance in the future on a different issue, please do not re-use
    > > > > this same ticket number.
    > > > >
    > > > > **IF THERE ARE ANY THREATS OF DANGER OR BODILY HARM, IT IS ADVISED YOU
    > > > > CONTACT YOUR LOCAL LAW ENFORCEMENT IMMEDIATELY**
    > > > >
    > > > > UUNET Internet Abuse Investigations has received your notification of a
    > > > > security incident and considers this a serious matter.
    > > > >
    > > > > The mail address securityat_private will send your complaint to our ticket
    > > > > processing system where it will be picked up by an Investigator (usually
    > > > > within two hours).
    > > > >
    > > > >  *************************************************
    > > > >  IF THE USER IS CONNECTED TO YOUR SYSTEM
    > > > >  OR IS CAUSING A DENIAL OF SERVICE ATTACK
    > > > >  *************************************************
    > > > >
    > > > > Please call UUNET at 800.900.0241 (703.206.5440), option #2, then
    > > > > option #3, then option #1 to reach our Internet Abuse Investigations
    > > > > Team, 24 hours a day, seven days a week.  Our first priority will be
    > > > > to stop the attack so you may return to normal business operations.
    > > > >
    > > > >  *****************************
    > > > >  CERTIFICATION OF TIME STAMPS:
    > > > >  *****************************
    > > > >
    > > > > To help us accurately trace the originating connection, we request
    > > > > reporting sites certify the accuracy of any timestamps provided in logs
    > > > > or headers reported by its systems.  Please indicate the timezone the
    > > > > logs are reporting or that the timezone is correct if shown in the logs.
    > > > >
    > > > >  *****************************
    > > > >  COPYRIGHT INFRINGEMENT CLAIMS
    > > > >  *****************************
    > > > >
    > > > > UUNET's Interim Designation of Agent to Receive Notification of Claimed
    > > > > Infringement can be found at:
    > > > > http://www.us.uu.net/support/usepolicy/copyright.html
    > > > >
    > > > > If you want to report a copyright violation under the Digital Millennium
    > > > > Copyright Act, send your complaint to: copyrightat_private
    > > > >
    > > > >  ***************************
    > > > >  SUSPECTED CHILD PORNOGRAPHY
    > > > >  ***************************
    > > > >
    > > > > Also send your report to:
    > > > >     US Customs <icpiccat_private>
    > > > >     or
    > > > >     FBI Innocent Images Squad (contact local field office)
    > > > >
    > > > >  *******************
    > > > >  IRC CHAT ROOM ABUSE
    > > > >  *******************
    > > > >
    > > > > Please contact the site administrator for the IRC server you are
    > > > > connected to and register an initial complaint.
    > > > >
    > > > >  ******************************************
    > > > >  WHAT UUNET CAN DO REGARDING YOUR INCIDENT:
    > > > >  ******************************************
    > > > > If UUNET identifies that the SECURITY incident originated from a UUNET
    > > > > customer site, UUNET will take action according to the Terms of
    > > > > Service contract. If UUNET identifies the originator as a customer of
    > > > > another ISP, UUNET may forward details about the SECURITY incident to
    > > > > the respective ISP. Generally, only the ISP of the originating site
    > > > > can enforce policies concerning this SECURITY incident.
    > > > >
    > > > > If you believe a crime has been committed, please contact the FBI
    > > > > Computer Crime Unit at (202) 324-9164 or (202) FBI-3000 or your local
    > > > > authorities. Law enforcement agencies will be requested to issue a
    > > > > subpoena to UUNET for information regarding your incident.
    > > > >
    > > > > Due to the volume of complaints we receive and the time required to
    > > > > investigate them, this may be the only response you receive regarding
    > > > > this incident.
    > > > >
    > > > > To view UUNET's Acceptable Use Policy, point your browser to:
    > > > > http://www.usa.uu.net/support/usepolicy/
    > > > >
    > > > > Sincerely,
    > > > >
    > > > > Internet Abuse Investigations (800)900-0241 options 2,3,1
    > > > >
    > > >
    > >
    > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > > "Cutting the space budget really restores my faith in humanity.  It
    > > eliminates dreams, goals, and ideals and lets us get straight to the
    > > business of hate, debauchery, and self-annihilation." -- Johnny Hart
    > >         ***testing, only testing, and damn good at it too!***
    > >
    > > OK, so you're a Ph.D.  Just don't touch anything.
    >
    > --
    > James W. Meritt CISSP, CISA
    > Booz | Allen | Hamilton
    > phone: (410) 684-6566
    >
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation." -- Johnny Hart
    	***testing, only testing, and damn good at it too!***
    
    OK, so you're a Ph.D.  Just don't touch anything.
    



    This archive was generated by hypermail 2b30 : Thu Mar 21 2002 - 23:22:16 PST