adviCe on network security report
sil at infiltrated.net
Thu Nov 2 14:54:52 UTC 2006
Sean Donelan wrote:
> Hint, hint, hint. When the abuse and security folks at ISPs give suggestions on how to best work with them, its sometimes a good idea
> to listen.
What happens when the security folks are absent? This seems to be somewhat of the case concerning contacting "abuse at SOMEWHERE_OVER_THE_RAINBOW.com". Many times it starts there where someone will contact an abuse apartment that is likely not monitored. Let's be realistic here... Before someone shoots of a "your-so-off-topic-whiny-whiny-whiny" response. How many here have contacted an abuse and simply gotten 1) an autoresponder 2) no reply 3) undeliverable 4) no such account exists as opposed to getting something useful.
> ISP security and abuse folks generally know how bad the problems are. That
> isn't useful to getting their jobs done. They usually have better information about how bad it is than most third-parties.
See my previous sentence... What happens when they see it, shrug off a simple abuse message that may contain something useful because they're fending off a DDoS attack or something. Does an abuse message take less precendence than other security matters. What will ISP's do when someone lashes back and starts some form of class action lawsuit against an ISP whose engineers repeatedly sat around and <strike>read NANOG and whined</strike> and did nothing? Is that what it will take? So I contacted abuse at f00f00.org about some user there stealing my info, spamming me, doing something illegal, I messaged them 10 times, no response. How about... I sue them.
> ISP security and abuse teams already receive reports from almost every group in existence. After they process the high priority work, e.g. court orders from countries around the world, reports from customers, etc; figuring out how to make the security and abuse teams lives easier is
> the key to getting your complaints to the top of the pile. Rankings of other ISPs doesn't change their workload.
Out of curiousity (and I doubt many will respond publicly to this) how many people have had success versus failure when dealing with abuse issues. I'm thinking for every answered message sent to abuse (non autoresponder), one will likely see more than 7-10 failures. Failures include an autoresponse, nothing ever done, no response ever returned, a response returned a quarter of a century later...
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey
More information about the NANOG