[43854] in North American Network Operators' Group
Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx
daemon@ATHENA.MIT.EDU (Adam McKenna)
Fri Oct 26 16:01:58 2001
Date: Fri, 26 Oct 2001 12:57:55 -0700
From: Adam McKenna <adam-nanog@flounder.net>
To: nanog@merit.edu
Message-ID: <20011026125755.B28213@flounder.net>
Mail-Followup-To: nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.WNT.4.33.0110260902230.1388-100000@neon>
Mail-Copies-To: never
Errors-To: owner-nanog-outgoing@merit.edu
I think that Alex's point is that if you want to *really* have a secure
network, you can't do it by sending out automated mails every time a stray
packet hits your network. That's likely to cause way more annoyance than any
good it could possibly do.
A much more effective way of proceeding would be to have a person looking at
each and every incident, deciding whether it merits a notice to the offending
network, and then sending a personal, non-threatening mail.
--Adam
--
Adam McKenna <adam@flounder.net> | GPG: 17A4 11F7 5E7E C2E7 08AA
http://flounder.net/publickey.html | 38B0 05D0 8BF7 2C6D 110A
