================================================================
This example incident report is void - for testing purposes only
================================================================

Delivered-To: cert@our_cert_team.dom
Old-Received: from 192.168.0.7 by 192.168.0.8 with inbound SMTP (MW) with ESMTP;
        Tue, 16 Oct 2001 13:20:32 +0100
Old-Received: from 192.168.0.6 by 192.168.0.7 with LOCAL SMTP (MW) with ESMTP;
        Tue, 16 Oct 2001 13:19:58 +0100
Old-Received: from 192.168.0.5 by 192.168.0.6 with JANET SMTP with ESMTP;
        Tue, 16 Oct 2001 13:17:48 +0100
Old-Received: from [192.168.0.4] (helo=192.168.0.4) by nosc.our_network.dom
        with esmtp (Exim 3.10 #2) id 15tTAD-0004MH-00 for abuse@our_network.dom;
        Tue, 16 Oct 2001 13:17:41 +0100
Old-Received: from 192.168.0.1 ([192.168.0.1]) by 192.168.0.3 (192.168.0.3)
        with SMTP id f9GCJ9224444; Tue, 16 Oct 2001 14:19:09 +0200
Old-Received: from 192.168.0.2 ([192.168.0.2]) by 192.168.0.1 (WinRoute Pro 4.1.27)
        with SMTP; Tue, 16 Oct 2001 14:21:10 +0200
From: anon@not_one_of_ours.dom
X-forwarded: to cert@our_cert_team.dom
To: ,
Subject: ABUSE!
Date: Tue, 16 Oct 2001 14:16:35 +0200
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
Resent-Date: Wed, 17 Oct 2001 07:23:31 +0100
Resent-From: liaison
Resent-To: cert@our_cert_team.dom
Resent-To: liaison

Hi CERT team.

The following report was sent to abuse@our_network.dom (or a related
address) and has been redirected to you with original headers intact
to make it easier for you to pick up the query.

All the best - liaison

####################################################################

Someone is bugging me from one of your IPs....see information below

Stop this or we will take other steps.

Waiting for your reply

Anon

2001-09-20 11:45:14 GMT
By 172.16.192.254 against 10.0.151.254
Attack #2000110: ICMP flood
Port information: PercentFromIntruder=17&type=3|11
Attack count: 1
Attack result: ?unknown result code?
Attacker's DNS Name: anon.ac.uk

2001-09-24 09:31:59 GMT
By 172.16.192.254 against 10.0.151.254
Attack #2000110: ICMP flood
Port information: PercentFromIntruder=11&type=3|11
Attack count: 1
Attack result: Blocked
Attacker's DNS Name: anon.ac.uk