Q: What do ISPs really think about security issues?

Gadi Evron ge at linuxbox.org
Fri Jan 11 16:05:49 UTC 2008


On Fri, 11 Jan 2008, Suresh Ramasubramanian wrote:
>
> Another vendor who, after being given clear escalation paths, first
> kept cc'ing our upstream abuse desk, and every role account OTHER than
> abuse at our domain.  When they finally get enough clue hammered into
> them to cc our abuse desk, they escalate to my work address within two
> hours of that, demanding it be taken down.

Let me guess which one it is, the same one that called 2 minutes later and 
threatened to go to the Police on YOU?

> Our abuse desk would handle tix within a business day, or even
> earlier.  And email about phish takes priority right after (say) LE
> requests that find their way there (instead of the special POC we
> already have given most LE agencies).   So, escalating a manual
> complaint after two hours is a bit thick, I'd say.
>
> Anyway, that particular vendor got told to take a hike, told that we
> wouldn't accept any further reports from them (and that our automated
> scripts kill about 20 for every one that they report anyway), and that
> we'd contact the one client they seem to send these alerts for
> directly and set up something more automated, where they could send us
> a list (in a standard format, and verified at their end) and we'd take
> it down automatically.  Of course with manual review later.

Their client's name starts with C? :)

> Neither of those two takedown services (especially not the one in #2)
> is going to get anything like this offered to them.  Not until they
> actually learn to play nice with other ISPs.  Which comes right back
> to Sean's remark that I replied to.
>
> Sorry for the long emails, but I do wish more takedown services (and
> more abuse / security desks) would read the MAAWG abuse desk best
> practice document ..
>
> http://www.maawg.org/about/publishedDocuments/Abuse_Desk_Common_Practices.pdf

Best suggestion of the thread. Now how can we make that happen? If we can
give it an easily Googleable name, we may be able to mention it in the press
when the occasion arises. We may be able to inform them of it (nicely) in
response to abuse email. What did you find works for you?

>
> --srs

 	Gadi.


