adviCe on network security report
Robert Boyle
robert at tellurian.com
Fri Nov 3 01:13:37 UTC 2006
At 05:09 PM 11/2/2006, dlr at bungi.com (Dave Rand) wrote:
>Over the last few years, I have worked with many ISPs. The majority of the
>problems had little to do with the format/style/volume of abuse complaints,
>and a lot to do with empowering the abuse desks to take action. "you
>suck" was not an enabling message :-)
I don't know about other ISP networks because I am only responsible
for one, but we find the huge volume of garbage/bogus/automated abuse
messages makes it difficult to find the real abuse issues which we
need to address. A customer who may forwarding all their email
including spam to their /bigcommericalisp/ account which is then
tagged as spam by the same user when it arrives at their account and
then bounced to abuse at tellurian.net doesn't constitute a valid abuse
complaint in my mind. An ICMP echo packet received by some random
idiot online running some broken and poorly designed "firewall"
software which says he is being attacked by one of our customers does
not merit an abuse report or response. However, an infected box on
our network or a customer with an open smtp relay or an owned box on
one of our client's transit connections from us does merit a reaction
and as quickly as possible to limit the damage they can inflict on
the rest of the community and likewise from a selfish standpoint -
based on the retaliation which may be directed back at us. We try to
be good neighbors, but all the garbage we receive makes it difficult
to be as responsive as I would like. We have our dialup support folks
check through the abuse box and forward anything which falls into the
interested bucket to our NOC team. However, it simply doesn't make
financial sense to have a full time person or people checking through
the abuse box. When something is a real problem and the person on the
other end needs a quick response, they can call us or check ARIN for
netblock contact info. The addresses and numbers listed there will go
straight to someone who can help. I wish abuse was used as intended
instead of my every idiot programmer and script writer for their own
"helpful" stuff we never asked for nor does it help us at all nor
does it help the users.
-Robert
Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin
More information about the NANOG
mailing list