Yahoo, Google, Microsoft contact?

Christopher L. Morrow christopher.morrow at
Fri Feb 3 19:32:04 UTC 2006

On Fri, 3 Feb 2006, Richard Cox wrote:

> On Fri, 03 Feb 2006 12:42:04 -0500
> Martin Hannigan <hannigan at> wrote:
> > I'd like to see evidence that there is a problem. For example, don't
> > see why these worm lists couldn't have just gone to the abuse address.
> Of course that's the right answer.  IN THEORY.  The practice is rather
> different, and that's WHY the need for some direct contact exists.
> I followed through with two large UK ISPs, who had both had the list of
> worm IPs sent to their official abuse address.  In neither case had the
> mail been read or passed on.  A copy to their security specialists was
> appreciated, and resulted in much hurried activity.  No, I'm not going
> to identify who they were; there probably would have been many more ISPs
> in that position if I'd looked further.

you are surprised that a URL in email with little useful explanation was
passed over by their ticketting system? Direct access works for small
cases, or important high value targets... Abusing that with a big list, or
massive oversubscription will just cause it to fail.

If you have a large scale problem, use the accepted large scale problem
bucket: [email protected]  don't find some lonely person who spends their personal
time to help you on individual cases or high priority items to abuse with
this... 'use the right tool for the job'.

More information about the NANOG mailing list