abusereporting (was Re: Monumentous task of making a list)

• Previous message (by thread): Monumentous task of making a list of all DDoS Zombies.
• Next message (by thread): abusereporting
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 8 Feb 2004, Suresh Ramasubramanian wrote:

> The problem with trojans etc is that there so damn many of them, so the 
> less time spent actually tracking down the user who was on IP X at time 
> Y, the better it is for the ISP's staffers who handle complaints about 
> these.

I have asked about this before. Wouldnt it be very nice if there was a 
standardized way to report IP-number and timestamp and type of complaint?

I've seen something produced by some workgroup (RIPE?) but that was a huge 
document about XML and it seemed non-trivial to implement. I was more into 
the idea of having basically email headers like:

X-ABUSEREPORT-IP: <ip>
X-ABUSEREPORT-DATE: <unix timestamp>
X-ABUSEREPORT-TYPE: <spam|abuse|ddos|other>

This should make it trivial for most automated tools to append this 
(spambouncer etc) and make it much easier for the abuse system to do a 
user lookup before presenting the abuse email to the handler, even 
providing the user email address so the handler can take action.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se

• Previous message (by thread): Monumentous task of making a list of all DDoS Zombies.
• Next message (by thread): abusereporting
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]