================================================================
This example incident report is void - for testing purposes only
================================================================

From: Other CERT <other_cert@organization3.ol>
Organization: Organization3
To: CERT <cert@example_cert.org>
Subject:  Root comrpromise from your network [OtherCERT #00000000]
Date:  Fri, 05 Jan 2001 14:44:59 +0000

Dear Sir,
We have received a report of unauthorised use originating from sites that 
you are listed as the RIPE contact for. Please find log extracts appended 
at the end of this message. If you are not the correct person to be dealing 
with this incident, could you please contact the appropriate person with 
the details and inform us.

The unauthorised use originated from: 10.10.10.10
The target machine has the following IP address: 172.30.39.30

Such use is likely contrary to your acceptable use policy and indicates 
that you may have a security problem. We would appreciate if you could 
investigate, deal with any errant users as per your internal policies and 
inform us, so we can inform the reporting site that action has been taken.

The incident reference number [OtherCERT #00000000] has been assigned to 
this incident.  We will be monitoring this incident, and tracking its 
progress to closure. Please use the incident reference number in the 
subject line of all correspondence relating to this incident.

Best regards,

--
Other CERT
Organization3
tel: +00 88 99 99 99
e-mail: other_cert@organization3.ol
 

Log Extracts (Times GMT):
>
>Dec 27 18:46:31 172.30.39.30  ftpd[15154]: ANONYMOUS FTP LOGIN FROM 10.10.10.10
 >[10.10.10.10],
 >
 >
 >
 >
 >1À1Û1É°FÍ€1À1ÛC‰ÙA°?Í€ëk^1À1É^^A
 >ˆF^Df¹ÿ^A°'Í€1À^^A°=Í€1À1Û^^H‰C^B1ÉþÉ1À^^H°^LÍ€þÉuó1ÀˆF^I^^H°=Í€þ^N°0þÈˆ
 >F^D1ÀˆF^G‰v^H‰F^L‰óN^HV^L°^KÍ€1À1Û°^AÍ€èÿÿÿ0bin0sh1..11

and
 >
>Dec 27 18:50:24 172.30.39.30 ftpd[1653]: ANONYMOUS FTP LOGIN FROM 10.10.10.10
 >[10.10.10.10],
 >
 >
 >
 >
 >1À1Û1É°FÍ€1À1ÛC‰ÙA°?Í€ëk^1À1É^^A
 >ˆF^Df¹ÿ^A°'Í€1À^^A°=Í€1À1Û^^H‰C^B1ÉþÉ1À^^H°^LÍ€þÉuó1ÀˆF^I^^H°=Í€þ^N°0þÈˆ
 >F^D1ÀˆF^G‰v^H‰F^L‰óN^HV^L°^KÍ€1À1Û°^AÍ€èÿÿÿ0bin0sh1..11