-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Frank Bulk - iNAME" <frnkblk@iname.com> wrote:
72 hours to respond to e-mail sent to the abuse account? That's much too long -- it should be at least a 4 hour response time during business hours, and for service providers and operators large enough to staff their network 24x7 for other reasons, 4 hour response time all the time.
Right. You're dreaming. As I mentioned in my presentation at NANOG 42 in San Jose, the biggest barrier we face in shrinking the "time-to-exploit" window with regards to contacting people responsible for assisting in mitigating malicious issues is finding someone to actually respond. I'd personally jump for joy if I could count on 72 hours, or less. Unfortunately, most abuse requests/inquiries fall into a black-hole, or bounce. Very rarely do I find a helpful individual at the end of an abuse address, and that is truly unfortunate. Me, I have pretty much given up on any domain-related avenues, since they generally end up in disappointment, and found more successes in going directly to the owners of the IP allocation, and upstream ISP, a regional/national CERT/CSIRT, or law enforcement. Mow, this has no bearing on the original subject (which I have now forgotten what it is -- oh yeah, something about Yahoo! mail), but it should be additional proof that the Bad Guys know how to manipulate the system, the system is broken, and the Bad Guys are now making much more money than we are. :-) - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFIBDMNq1pz9mNUZTMRAtuVAJ9dP9ptygn/OrEWu7XsrffzorB5NACgz6dg vGCfQkUgbyB3QMfcR076VO0= =0fOY -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/