"Mikael" == Mikael Abrahamsson <swmike@swm.pp.se> writes:

Mikael> On Sun, 8 Feb 2004, Suresh Ramasubramanian wrote:

Mikael> I have asked about this before. Wouldn't it be very nice if
Mikael> there was a standardized way to report IP-number and
Mikael> timestamp and type of complaint?

There isn't one yet. Some people are trying to put together a simplistic looking BCP - http://www.tmisnet.com/~strads/spam/bcp.html

Mikael> I've seen something produced by some workgroup (RIPE?) but
Mikael> that was a huge document about XML and it seemed
Mikael> non-trivial to implement. I was more into the idea of
Mikael> having basically email headers like:

There is a RIPE WG on spam (I think chaired by Rodney Tillotson from JANET/CERT). But I don't recall something like this being proposed .. and XML is a rather unruly beast to manage, especially for joe user.

Your idea of headers might work - or something on the lines of send-pr on *bsd.

All that the NOC staff receiving it would require is that it stays simple, without stuff like:

  * Frenzied abuse
  * Screenshots from fancy IDS / software firewall products
  * Long lectures on why spam / DDoS / other network abuse is bad

A short two or three line summary of the issue, accurate timestamps and a set of excerpts from your logs (not a whole lot, just enough to make the situation obvious) should be enough.

Another big help is giving the NOC access to a good ticketing system which understands the difference between customer support and net abuse handling (here, your customers are the problems, for starters).

RT3 has a lot of code (courtesy Paul Vixie and the other people at MAPS who were hacking on it) - but there's a nice new product called Abacus - http://word-to-the-wise.com/abacus that looks promising.

srs