Automated Network Abuse Reporting

Brian Bruns bruns at
Mon Dec 29 17:31:36 UTC 2003

On Monday, December 29, 2003 11:24 AM [GMT-5=EST], Joel Jaeggli
<joelja at> wrote:

> if you automate abuse reporting you can basically assume that the reciver
> will automate abuse handling. since that has in fact happened as far as i
> can tell the probably of you automated asbuse replaies ever reaching a
> human who cares or can do something about it is effecetivly zero.

Most likely, automated abuse reports will be treated like abuse reports from
users with those lovely software firewalls that whine all the time that their
ISP's nameserver is trying to hack them on port 53 (IE: thrown in with the
rest of the reports in the round filing cabinet on the floor next to the

I refused to accept automated abuse reports of probes or similar when I was an
ISP netadmin.

Portscans/pingscans/etc are not illegal (and I've seen this sucessfully proven
in court at least once).  They are illegal if you use it to bring down
someone's machine though.

Basically, if I were you, I'd turn your firewall's sensitivity WAY down and
only track events that are obviously attempts to hack.

Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources

The AHBL -

More information about the NANOG mailing list