Abuse Desks

Matt Corallo nanog at as397444.net
Thu Apr 30 01:09:51 UTC 2020

Good thing I care, but that's missing the point here - the volume of abuse requests makes the entire abuse system
unworkable. Not for me so much, I can deal with the volume (a few obnoxious individuals aside), but AWS/OVH/Hertzner
appear to have decided they cannot, and that means I can't contact them if there's something more serious going on.

I highly doubt so many folks "don't care" about potentially compromised hosts, in fact I know for sure several of them
have deployed a number of full-time staff to build solutions to monitor for such things. The fact that those solutions
often don't involve their abuse system should tell us something.


On 4/29/20 3:44 AM, Dan Hollis wrote:
> On Tue, 28 Apr 2020, Matt Corallo wrote:
>> Sadly dumb kids are plentiful. If you have to nag an abuse desk every time they sell a server to a kid who’s
>> experimenting with nmap for the first time then.... we’ll end up exactly where we are - abuse contacts are not a
>> reliable way to get in touch with anyone, and definitely not a reliable way to do so fast or with any reasonably large
>> network. Please don’t clog the otherwise-useful system.
> compromised servers on your infrastructure hosting nigerian criminals look much the same as a script kiddie
> experimenting with nmap.
>> If you have trouble sleeping at night, I’d recommend the “PasswordAuthentication no” option in sshd_config.
> you either care about reports of potentially compromised hosts on your infrastructure or you don't.
> -Dan

More information about the NANOG mailing list