Michigan State University IT Services Support website

How to report computer system and network abuse originating from MSU - TB6633

This item provides information on these topics:

Overview

All users of computer and network systems at Michigan State University are expected to abide by the Acceptable Use Policy for MSU Information Technology Resources.

Users are also expected to abide by other computer system or network acceptable use policies for any computer system at Michigan State University or at any other institution which has an applicable usage policy. Users are also expected to abide by any and all other policies and regulations at Michigan State University, and any applicable federal, state, and local laws or ordinances, to the extent that any computer or network systems belonging to Michigan State University were used.

Very often, however, the network or computer abuse issue can be traced to a domain outside of MSU. In these cases, that issue needs to be reported to the Internet Service Provider (ISP) for that domain.

See the guidelines below for details on sending abuse reports to the proper authorities, either within or outside of MSU.

First, verify origin of the abuse

It is important to know the origin of the computer system or network abuse in order to report it to the proper authorities. For instance, in the case of e-mail abuse, the info in the "From:" field is usually unreliable. Very often, the "From:" address is forged; replying to that address will generally be unproductive, as would be forwarding that message to the "@" ISP.

Violations or abuse of computer or network systems belonging to other organizations, or under the control of Internet Service Providers with no connection to Michigan State University, should be reported to that organization's "abuse" department. Most organizations support the e-mail address "abuse@organization".

If you are reporting "spam" or other e-mail violations from external sources, be sure to include the full e-mail headers from the offending e-mail message in any report you send to the organization.

Techbase article 974 explains how find full email headers, and article 2045 explains how to analyze those email headers, to determine the source of the message.

Reporting abuse originating from MSU

You may report a violation of MSU's Acceptable Use standards or other related incidents via e-mail to: abuse@msu.edu. When reporting such incidents, be sure to comply with the requirements referred to in TB13211 - Reporting virus, spam, and abusive email.

When reporting abuse issues proven to originate from MSU, use the following guidelines. Be sure to include any details you have which will help in determining the origins of the abuse.

  • E-mail abuse (spam, e-mail viruses, or other unwanted e-mail)

    Forward a copy of the complete e-mail message to abuse@msu.edu. Be sure to include the full e-mail headers from the offending e-mail message. The standard e-mail headers (e.g. the "From:" line) often do not provide sufficient information, since the sender's address can easily be faked, and many recent e-mail viruses do exactly that. Also be sure to comply with the requirements referred to in TB13211 referred to above.

    If you have received many similar messages, forward one or two representative messages; we do not need to see every single message. If you continue to receive messages from the same source, please wait 2-3 business days before sending a similar message, unless you are receiving an extremely large number of such messages.

  • Network abuse (denial-of-service [DoS] attacks, port scans, attempts to bypass computer security)

    Be sure to include the following:

    • Time and date of the event (be sure to indicate the time zone of any timestamps)
    • The sending computer's IP address or DNS domain name
    • Type of incident

    In most cases, forwarding the relevant log entries would be the best action.

  • Copyright violations (movies, music, software, images, etc.)

    In most instances, we need to receive a report of such violation from the registered copyright owner, in accordance with the Digital Millennium Copyright Act (DMCA). Include the time/date discovered, the source IP address or DNS domain name, and the method used to access the files (e.g. FTP, HTTP/Web, KaZaa).

If at all possible, please send all data as plain text, either by copying and pasting into the message itself, or by using plain text attachments to your e-mail message (i.e., a ".txt" file extension). Avoid attachments such as Microsoft Word documents and images of screen shots; your message may be returned without action if the attachment(s) cannot be readily processed.

In most instances, it is not necessary to send log files or e-mail messages with thousands of lines of data. An excerpt or two from such sources is entirely satisfactory, as long as it provides the needed data.

Keywords for this Document

AU SAU reporting abuse AUP complaint violation spam spammers uce postmaster fishing phishing, hack hacking hacker hackers hacked, finding full e-mail header headers email track tracking display

Related Documents

Date Last Modified: 6/21/2013 3:56:21 PM

Was this document useful?