On Wed, Nov 19, 2014 at 12:14 PM, John Kristoff <jtk@cymru.com> wrote:
On Tue, 18 Nov 2014 16:58:24 -0800 Mike <mike-nanog@tiedyenetworks.com> wrote:
I provide broadband connectivity to mostly residential users.
I can point you to some tools and references I'm aware of, but I can't talk about how effectively they are operationally or whether or not you should abide by or use them.
Don't forget IETF RFC 5970 "IODEF" format as well. It provides a much more comprehensive and flexible reporting format than either X-ARF or RFC 5965 (both of which are really geared primarily towards single badguy / single incident). With that power comes greater complexity, though. I'll have to look at Net::Abuse::Utils since that's the first I've ever heard of it and I don't know what it can do. If it can't make IODEF, I'm a capable Perl programmer, so I can take a look, but no promises. -- Paul W Bennett