Scaled Back Cybersecuruty
Bryan Bradsby
Bryan.Bradsby at capnet.state.tx.us
Tue Jan 14 21:17:43 UTC 2003
> One problem with notifications typically (that I've seen) is that there is
> no one to notify...
We tried notifications to the netblock owner for every incident that
exceeded a reasonable threshold. [1]
It takes a lot of time to find netblock owners. Even after investing
self to try to make the net a better place, the satisfactory response rate
is very small.
> there may be an email address, but most likely that's not even
> watched/read/responded-to/reacted-upon.
ditto.
> recieve less than 1 in 3K responses :(
We may not have time to answer each of the mechanized notifications, but
we process and respond to each incident. If only every ISP did at least
that.
> To start fixing this problem every ISP really needs some security folks
> dedicated to customer security issues...
I am the point of contact for the net in the sig below. We take all
network abuse notifications seriously, and follow up with our customers.
I am not hard to find.
whois -h whois.arin.net bb122-arin
> Hopefully, once there are security folks at all ISP's the ISP's will be
> able to speak intelligently and civily to each other to cooperate and
> contain problems.
Amen.
At your service,
-bryan bradsby
Texas State Government Net
me: 512-936-2248
NOC: 512-475-2432 877-472-4848
--
If all the world's a stage, I want to operate the trap door.
-- Paul Beatty
[1] (see: "Firewall Seen" by Robert Graham)
http://www.robertgraham.com/pubs/firewall-seen.html
More information about the NANOG
mailing list