"Michael Nittmann, Principal Communications Analyst, The Trane Company (608 787
3792)" <NITTMANN @
# since we have seen the nice C stubs, we can do anything with it,
# I would add a third (my) strategy: reply nothing and start a process
# (just a rough C program) to analyze as fast and precise as possible
# (tracerouting, hopcount variation) where it comes from, what
# gateways it uses, and mail it to root. Next morning you have your
# collection of insomniacs in your mail, traced down to the origin.
# Friendly mail to the domain's contact will clear if it was a masked
# address, or it informs the foreign domain contact that somebody
# within his area of responsability is monkeying around.
# In case of repetition: mail to cert.
I would recommend never configuring a program to automatically mail
something to CERT. Someone at your site _really_ ought to review any
such messages before, perhaps, forwarding them on to CERT. If lots of
people did what you suggest above, CERT would spend a major amount of
their time fending off incoming email from whatever auto-reporting
system is broken today (just like 2/3 of my email is bounces from
whatever 6 or 10 addresses on the Firewalls mailing list happen to be
Brent Chapman Great Circle Associates
COM 1057 West Dana Street
+1 415 962 0841 Mountain View, CA 94041