We take matters of scanning, hacking, and other hostile activity very seriously, and we make every effort to investigate all reports of abusive activity in a timely manner.
When reporting unauthorized connection attempts, please follow these guidelines:
- Please take a careful look at your data to make sure that the offending host's IP address belongs to the ucsb.edu domain (i.e., the IP address looks like 128.111.nnn.nnn or 169.231.nnn.nnn).
- Send one event per email. For multiple events, send multiple emails. This will help ensure that each issue is addressed in the most efficient manner.
- Include all logs relevant to the event.
- Paste the relevant portion of the log in plain-text format into an email.
- Be sure your logs contain the following information:
  - Date of incident
  - Time of incident
  - Time zone in which the logs are captured
  - Source IP address or host name
  - Destination IP address or host name
  - Destination port
- A brief general description of the event
- Do not send repeated messages regarding the same event.
- Do not send multiple complaints in a single message.
- Do not send an entire log file. Include only portions of the log that pertain to the IP and event in question.
- Do not send attachments. We will not accept them.
- Do not send formatted text (Word, Excel, etc.).
- Do not include trace routes, whois lookups, or ping results, as these do not contribute to the investigation and can lead to the message's becoming unreadable.
Note: If you are using a personal firewall such as ZoneAlarm (tm), and your computer's IP address is dynamically assigned through DHCP, then please do not send reports about a computer in our domain attempting to connect to your host through a peer-to-peer file sharing service. Examples of peer-to-peer file sharing services are Kazaa, which will attempt to connect to port 1214, and GNUtella, which will attempt to connect to port 6346.
Send your report to security@ucsb.edu