advice on network security report

Robert Boyle robert at
Fri Nov 3 01:13:37 UTC 2006

At 05:09 PM 11/2/2006, dlr at (Dave Rand) wrote:
>Over the last few years, I have worked with many ISPs.  The majority of the
>problems had little to do with the format/style/volume of abuse complaints,
>and a lot to do with empowering the abuse desks to take action.  "you
>suck" was not an enabling message :-)

I don't know about other ISP networks because I am only responsible 
for one, but we find the huge volume of garbage/bogus/automated abuse 
messages makes it difficult to find the real abuse issues which we 
need to address. A customer who may be forwarding all their email 
including spam to their /bigcommercialisp/ account which is then 
tagged as spam by the same user when it arrives at their account and 
then bounced to abuse at doesn't constitute a valid abuse 
complaint in my mind. An ICMP echo packet received by some random 
idiot online running some broken and poorly designed "firewall" 
software which says he is being attacked by one of our customers does 
not merit an abuse report or response. However, an infected box on 
our network or a customer with an open SMTP relay or an owned box on 
one of our client's transit connections from us does merit a reaction 
and as quickly as possible to limit the damage they can inflict on 
the rest of the community and likewise from a selfish standpoint - 
based on the retaliation which may be directed back at us. We try to 
be good neighbors, but all the garbage we receive makes it difficult 
to be as responsive as I would like. We have our dialup support folks 
check through the abuse box and forward anything which falls into the 
interested bucket to our NOC team. However, it simply doesn't make 
financial sense to have a full time person or people checking through 
the abuse box. When something is a real problem and the person on the 
other end needs a quick response, they can call us or check ARIN for 
netblock contact info. The addresses and numbers listed there will go 
straight to someone who can help. I wish abuse was used as intended 
instead of by every idiot programmer and script writer for their own 
"helpful" stuff we never asked for nor does it help us at all nor 
does it help the users.


