We take matters of scanning, hacking, and other hostile activity very seriously, and we make every effort to investigate all reports of abusive activity in a timely manner.

 

When reporting unauthorized connection attempts, please follow these guidelines:

  • Please take a careful look at your data to make sure that the offending host's IP address belongs to the ucsb.edu domain (i.e., the IP address looks like 128.111.nnn.nnn or 169.231.nnn.nnn).

  • Send one event per email. For multiple events, send multiple emails. This will help ensure that each issue is addressed in the most efficient manner.

  • Include all logs relevant to the event.
  • Paste the relevant portion of the log in plain-text format into an email.
  • Be sure your logs contain the following information:
    1. Date of incident
    2. Time of incident
    3. Time zone in which the logs are captured
    4. Source IP address or host name
    5. Destination IP address or host name
    6. Destination port
    7. A brief general description of the event
  • Do not send repeated messages regarding the same event.
  • Do not send multiple complaints in a single message.
  • Do not send an entire log file. Include only portions of the log that pertain to the IP and event in question.
  • Do not send attachments. We will not accept them.
  • Do not send formatted text (Word, Excel, etc.).
  • Do not include trace routes, whois lookups, or ping results, as these do not contribute to the investigation and can lead to the message's becoming unreadable.

 

Send your report to security@ucsb.edu