Why does abuse handling take so long?

Florian Weimer fw at deneb.enyo.de
Sun Mar 13 09:25:01 CDT 2011


* Alexander Maassen:

> In most cases the only thing the abuse@ contacts do as hoster, is relay
> the mail to the client but do not dare to do anything themselves, even if
> you provide them with a shitload of logs, even if you call them and say
> that the attack from their source is still continuing, they refuse to
> look into it and shut down the source. And that pisses me off badly.

There is a relatively nice way of putting this.

If you can't contact the customer and don't know what they are doing,
it is difficult to estimate the risk from terminating the customer's
connectivity.  Therefore, giving them some time to react---4 business
hours or perhaps even a business day---seems reasonable, and this can
be a very long time span for many types of network abuse, especially
when time zones are taken into account.

> Why o why are ISPs and hosters so ignorant in dealing with such issues
> and act like they do not care?

The less nice way is that many hosters attract customers who don't
care if they are compromised.  These customers do not perceive abuse
notifications as valuable, so the hoster gains nothing from forwarding
them: the abuse won't stop, and the customer is likely less happy than
before.




More information about the NANOG mailing list