The Cambridge Computer Emergency Response Team (CamCERT) co-ordinates security matters in the University of Cambridge. If you receive an unwelcome intrusion from a machine in the
cam.ac.uk domain you should email firstname.lastname@example.org as soon as you notice the intrusion including the following information:
- the IP address (number) of your machine
- the IP address of the Cambridge machine
- the port probed for - please ensure that this is a genuine security threat and not simply normal Internet traffic such as ident (port 113) or packets used by peer-to-peer file-sharing programs especially when your IP address is a dynamic one. In the latter case, the traffic is likely to be legitimate traffic to the machine that was using the address before you.
- the extract from your logs in a plain text format (note that we cannot read proprietary log formats)
- the time zone of your logs
- an indication of whether your logs are NTP synchronised and if not, how far off true time your machine is