Yahoo, Google, Microsoft contact?

Richard Cox Richard at
Fri Feb 3 19:23:24 UTC 2006

On Fri, 03 Feb 2006 12:42:04 -0500
Martin Hannigan <hannigan at> wrote:

> I'd like to see evidence that there is a problem. For example, don't
> see why these worm lists couldn't have just gone to the abuse address.

Of course that's the right answer.  IN THEORY.  The practice is rather
different, and that's WHY the need for some direct contact exists.

I followed through with two large UK ISPs, who had both had the list of
worm IPs sent to their official abuse address.  In neither case had the
mail been read or passed on.  A copy to their security specialists was
appreciated, and resulted in much hurried activity.  No, I'm not going
to identify who they were; there probably would have been many more ISPs
in that position if I'd looked further.

> the customer is shifting the cost of support off of their own provider
> and on to the rest of us which is inherently not fair.

s/customer/provider/ - if the provider wasn't doing that, the customer
quite likely WOULD have gone directly to them.

> I think it's ok to post these things to NANOG as long as there's more
> information than just who they are looking for. If it's too private
> to tell all of us, then don't use our list as a directory service.

True.  Nevertheless there is a need for some directory system, so that
appropriate people can contact key security etc people in other network
entities, without giving NANOG a full-disclosure on the situation ...

Richard Cox

More information about the NANOG mailing list