On 11/18/2014 8:11 PM, Michael Brown wrote:
We need to come up with some sort of international Abuse Reduction and Reporting Engagement Suite of Tools as a Service.
M.
I've been considering a post for a couple of weeks but decided most of my complaints were petty. I've been getting lots of "ssh attacks against my network" emails from various people on the internet. All of them have no standard for what logs they show or what format they show them in, or what format the whole email is in, so frequently I'm being told "Trust me, based on this one connection attempt to this non-qualified hostname that occured on this non-TZ timestamp, you need to stop your users abuse." Immediately thereafter they tell me the IP address has already been blocked in their firewall for an unspecified length of time and give no routes for amelioration. So I'm left with a very unsatisfactory feeling of either shutting down a possibly innocent customer based on a machines word, or attempting to start a dialog with random_script_user_99@hotmail.com. I suspect someone is going to pipe up in a second and say that there is a suite of tools, but the real problem is that nobody is using it. Robert