Abuse response [Was: RE: Yahoo Mail Update]

Wed Apr 16 16:02:02 UTC 2008

On Wed, 16 Apr 2008 00:38:33 CDT, Chris Boyd said:

> - I'd like to see an actual response beyond an autoreply saying that you
> can't tell me who the customer is or what actions were taken.

Well, let's see.   If you're reporting abuse coming from my AS, it's almost
certainly one of 2 things:

1) Some poor soul got zombied in a drive-by fruiting and was part of a botnet.
At this point, it doesn't really matter *who* the customer was, because he was
essentially a Joe Sixpack.  Action taken is almost certainly some variant on
"he's been told to disinfect the machine before getting back on the net".  So
it's unclear what, if anything, you want us to do, except possibly send you
a canned "We found the machine and dealt with it" after the fact.

2) Somebody decided to intentionally do something naughty.  At that point,
it's a very good likelyhood that we *can't* tell you who it was, because
there may be some combination of litigation and prosecution (and in our case,
most likely some internal judicial action) so there's a whole swarm of privacy
laws and "we don't comment on ongoing investigations/litigations" policy. And
since these things can drag on for weeks or months, there may not be any
final resolution for quite some time, so all you'll get back is a "We found
the problem and it will eventually be disposed of"...

Basically, 99.8% of the time, no response other than "We found it and dealt
with it" is actually suitable, and the other 0.2% of the time, you're about
to get dragged into an ongoing investigation, so expect a "Hold Evidence"
order on your fax in a few minutes.. ;)

So what sort of response did you actually *want*?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20080416/c2d5d84c/attachment.sig>