abuse reporting tools
rdrake at direcpath.com
Wed Nov 19 01:41:29 UTC 2014
On 11/18/2014 8:11 PM, Michael Brown wrote:
> We need to come up with some sort of international Abuse Reduction and Reporting Engagement Suite of Tools as a Service.
I've been considering a post for a couple of weeks but decided most of
my complaints were petty. I've been getting lots of "ssh attacks
against my network" emails from various people on the internet. All of
them have no standard for what logs they show or what format they show
them in, or what format the whole email is in, so frequently I'm being
told "Trust me, based on this one connection attempt to this
non-qualified hostname that occured on this non-TZ timestamp, you need
to stop your users abuse."
Immediately thereafter they tell me the IP address has already been
blocked in their firewall for an unspecified length of time and give no
routes for amelioration. So I'm left with a very unsatisfactory feeling
of either shutting down a possibly innocent customer based on a machines
word, or attempting to start a dialog with
random_script_user_99 at hotmail.com.
I suspect someone is going to pipe up in a second and say that there is
a suite of tools, but the real problem is that nobody is using it.
More information about the NANOG