On Fri, 03 Feb 2006 12:42:04 -0500 Martin Hannigan <hannigan@renesys.com> wrote:
I'd like to see evidence that there is a problem. For example, don't see why these worm lists couldn't have just gone to the abuse address.
Of course that's the right answer. IN THEORY. The practice is rather different, and that's WHY the need for some direct contact exists. I followed through with two large UK ISPs, who had both had the list of worm IPs sent to their official abuse address. In neither case had the mail been read or passed on. A copy to their security specialists was appreciated, and resulted in much hurried activity. No, I'm not going to identify who they were; there probably would have been many more ISPs in that position if I'd looked further.
the customer is shifting the cost of support off of their own provider and on to the rest of us which is inherently not fair.
s/customer/provider/ - if the provider wasn't doing that, the customer quite likely WOULD have gone directly to them.
I think it's ok to post these things to NANOG as long as there's more information than just who they are looking for. If it's too private to tell all of us, then don't use our list as a directory service.
True. Nevertheless there is a need for some directory system, so that appropriate people can contact key security etc people in other network entities, without giving NANOG a full-disclosure on the situation ... -- Richard Cox