On Sun, 8 Feb 2004, Suresh Ramasubramanian wrote:
The problem with trojans etc is that there so damn many of them, so the less time spent actually tracking down the user who was on IP X at time Y, the better it is for the ISP's staffers who handle complaints about these.
I have asked about this before. Wouldnt it be very nice if there was a standardized way to report IP-number and timestamp and type of complaint? I've seen something produced by some workgroup (RIPE?) but that was a huge document about XML and it seemed non-trivial to implement. I was more into the idea of having basically email headers like: X-ABUSEREPORT-IP: <ip> X-ABUSEREPORT-DATE: <unix timestamp> X-ABUSEREPORT-TYPE: <spam|abuse|ddos|other> This should make it trivial for most automated tools to append this (spambouncer etc) and make it much easier for the abuse system to do a user lookup before presenting the abuse email to the handler, even providing the user email address so the handler can take action. -- Mikael Abrahamsson email: swmike@swm.pp.se