abusereporting (was Re: Monumentous task of making a list)
Mikael Abrahamsson
swmike at swm.pp.se
Sun Feb 8 09:43:11 UTC 2004
On Sun, 8 Feb 2004, Suresh Ramasubramanian wrote:
> The problem with trojans etc is that there so damn many of them, so the
> less time spent actually tracking down the user who was on IP X at time
> Y, the better it is for the ISP's staffers who handle complaints about
> these.
I have asked about this before. Wouldnt it be very nice if there was a
standardized way to report IP-number and timestamp and type of complaint?
I've seen something produced by some workgroup (RIPE?) but that was a huge
document about XML and it seemed non-trivial to implement. I was more into
the idea of having basically email headers like:
X-ABUSEREPORT-IP: <ip>
X-ABUSEREPORT-DATE: <unix timestamp>
X-ABUSEREPORT-TYPE: <spam|abuse|ddos|other>
This should make it trivial for most automated tools to append this
(spambouncer etc) and make it much easier for the abuse system to do a
user lookup before presenting the abuse email to the handler, even
providing the user email address so the handler can take action.
--
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the NANOG
mailing list