Abuse Desks
Laszlo Hanyecz
laszlo at heliacal.net
Wed Apr 29 18:32:43 UTC 2020
On 2020-04-29 17:51, Mukund Sivaraman wrote:
> On Wed, Apr 29, 2020 at 01:49:14PM -0400, Tom Beecher wrote:
>> What if I am at home, and while working on a project, fire off a wide
>> ranging nmap against say a /19 work network to validate something
>> externally? Should my ISP detect that and make a decision that I shouldn't
>> be doing that, even though it is completely legitimate and authorized
>> activity? What if I fat fingered a digit and accidentally ran that same
>> scan against someone else's /19? Should that accidental destination of
>> non-malicious scans be able to file an abuse report against me and get my
>> service disconnected because they didn't like it?
>>
>> Abuse departments should be properly handling LEGITIMATE abuse complaints.
>> Not crufty background noise traffic that is never going away.
> Sure. Handling legitimate abuse complaints would be quite sufficient. :)
>
> Mukund
Since this is a distributed network and there's not a central authority
to rule on each incident being legitimate, the only way to stay out of
the politics is to ignore people's abuse complaints. Someone's SSH
server is being spammed with probes? That's pretty low bandwidth, not
much threat to the network from a cracking script. Maybe you don't like
it, maybe it's criminal or whatever else, but ostensibly it's some
paying customer's traffic and it should be delivered unmolested. When
someone's infrastructure is getting packeted or having their routers
crashed repeatedly, they respond to that, usually without having to be
emailed, because it's actual abuse of their network. A lot of this
other stuff is just people abusing the abuse contacts to get someone
else taken offline. Phishing websites fall into this category - it's
not network abuse, it's just content someone doesn't like, and one way
to get it taken down is to threaten the network that carries the traffic
for it.
-Laszlo
More information about the NANOG
mailing list