On Sun, 13 Feb 2000, Eric A. Hall wrote:
Ad nauseam. Every week I get probed, hacked on, ping-o-death'd and more, while every week I send copies of the log to the source's security@isp. 30% of the time security@ is an invalid mailbox that bounces (which is why I also cc: abuse@isp), 60% of the time the message is ignored or not responded to, and only 10% of the time do I get a response that some form of action might be taken if they can figure out which user had the IP address at that moment.
Recently called the NOC of a tier1 provider who hadn't responded to my emails about repeated cracking attempts originating from their network. They told me point blank, they bin ALL abuse emails and only act on phone reports. (What's the point of maintaining an abuse mailbox then? Boggle.) This might seem pretty outrageous to some, yet it is not too different from other tier1 NOCs I have dealt with regarding attacks. Perhaps it's time someone did a public audit of how the tier1 NOCs (mis)handle abuse incidents. Since it seems impossible to change company policies until something really negative and really public happens (e.g. recent DDOS), perhaps this is what's needed.
So, based on my experience, the ISP community isn't taking advantage of the tools they have to do their own enforcement. It would seem to me that the first step in saying "we can take care of this ourselves" is to prove that you're credible. If I were asked, I'd say that the quality of self-policing to date has been quite miserable.
Miserable isn't the word for it. I think there has yet to be a word invented to describe this pathetic state of affairs.

-Dan