adviCe on network security report
ge at linuxbox.org
Thu Nov 2 15:00:19 UTC 2006
On Thu, 2 Nov 2006, J. Oquendo wrote:
> > ISP security and abuse teams already receive reports from almost every group in existence. After they process the high priority work, e.g. court orders from countries around the world, reports from customers, etc; figuring out how to make the security and abuse teams lives easier is
> > the key to getting your complaints to the top of the pile. Rankings of other ISPs doesn't change their workload.
> Out of curiousity (and I doubt many will respond publicly to this) how many people have had success versus failure when dealing with abuse issues. I'm thinking for every answered message sent to abuse (non autoresponder), one will likely see more than 7-10 failures. Failures include an autoresponse, nothing ever done, no response ever returned, a response returned a quarter of a century later...
I believe what Sean said above is key. There are several sources which are
trusted, regular and efficient. myNetwatchmen, SANS ISC, Cymru, the DA
RatOut. Then there are the pull places, such as spamhaus...
Everyone has their favorite, and it works better.
Then come customer complainst, then email reports. If there reports are in
good form and provide with good data (plus are short and to the point),
they will probably get quick attention (as soon as POSSIBLE).
You need to remember these are good folks, who get paid to lose the ISP
money by disconnecting clients...
Some do better, some do worse. Those that do nothing concern me most.
Contributing to one of the projects above (those that allow it) or forming
better complaints is the first step. Identifying the internet bad boys is
More information about the NANOG