9 Nov
2014
9 Nov
'14
12:43 p.m.
On 11/09/2014 09:31 AM, Brian Rak wrote:
Some tips: 1) Verify the servers are still vulnerable. This is pretty straightforward, and saves everyone involved some time For a DDOS, I'd be concerned that the provider would now think my activity was malicious.
2) Your abuse emails should include tcpdump-like output (or you'll get tons of replies asking for logs) Is the output from nfdump close enough?
3) Sticking to one abusive IP per email seems to get the best response rate (or you confuse all the automated systems for parsing these) The smallest email abuse report I sent last week contained over 15,000 IPs. Is it really better to send that many emails?