Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]

Luke S Crawford lsc at prgmr.com
Sat Dec 20 13:13:35 UTC 2008


"Brandon Galbraith" <brandon.galbraith at gmail.com> writes:
> But it's definitely not cool when my credit card company cuts off my card
> due to "abnormal charges" when I'm abroad and suddenly can't get ahold of
> customer service via their international phone number. Automation in the
> right places works wonders for both convenience and the bottom line. In the
> wrong places, it's a sawed off shotgun pointed at your feet.

Yeah, in this case, I think getting the rules right is the hard part...
I don't think it matters that much if the rules are executed by a level-1
person vs. a script (the script, I think, would be more consistent, 
at least.)    Sure, if you can afford to page someone good to deal with it, 
that's probably an even better answer, assuming they can get to it quickly, 
but that's much more expensive  than just blocking it.   (I imagine the
right approach depends a lot on what you happen to be charging the customers
in question.)  

Even if you do decide to wait around for an abuse@ complaint to take action,
having the IDS logs of the outgoing traffic makes corroberating an abuse 
complaint much easier.  And it's easy enough to email a human instead of 
shutting off a customer automatically.  




More information about the NANOG mailing list