In a message written on Sun, Mar 13, 2011 at 12:45:04PM +0100, Alexander Maassen wrote:
Why o why are isp's and hosters so ignorant in dealing with such issues and act like they do not care?
One of the things you have to remember is that ISP's get a ton of reports, and most of them are of very low quality. Abuse queues are full of people who sign up for a properly run mailing list and then a year or two later mail abuse to get taken off saying its now spam. Or folks who misconfigure their firewall / IDS and send in reports of being DDOSed, by a nameserver, to which they are sending queries and then flagging the responses as an "attack". There are a lot of reports that don't include either the source or destination IP, or leave out any time information. Worst of all, there are the automated reports where someone has a different opinion than the law, or even reality. They create systems to basically DDOS abuse@, by reporting every case they can find individually when in fact the "spammer" is doing things legally and properly. Of course it varies greatly ISP to ISP, depends on customer mix, time of the day, time of the year and all sorts of other factors. Still, there are times when I would say less than 1 in 50 e-mails received to abuse@ is something that is a complete report and actionable Keep that in mind, along with what others have pointed out, that there is generally no "profit" in handling abuse. Quite frankly, most ISP's aren't going to take your DDOS report seriously via e-mail. If it's not bad enough to you that it is worth your time and money to make a phone call and help them track it down it is not worth their time and money to track it down and make it stop. In short, try picking up the phone. You'll bypass the entire e-mail reporting cesspool I just described, and show the ISP you actually care. 9 out of 10 times they will respond by showing they care as well. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/