On Tue, Apr 15, 2008 at 10:56:02AM +0530, Suresh Ramasubramanian wrote:
On Tue, Apr 15, 2008 at 10:16 AM, Paul Ferguson <fergdawg@netzero.net> wrote:
As I mentioned in my presentation at NANOG 42 in San Jose, the biggest barrier we face in shrinking the "time-to-exploit" window with regards to contacting people responsible for assisting in mitigating malicious issues is finding someone to actually respond.
Fergie.. you (and various others in the "send emails, expect takedowns" biz) - phish, IPR violations, whatever.. you're missing a huge, obvious point
If you send manual notificattions (aka email to a crowded abuse queue) expect 24 - 72 hours response
If you have high enough numbers of the stuff to report, do what large ISPs do among themselves, set up and offer an ARF'd / IODEF feedback loop or some other automated way to send complaints, that is machine parseable, and that's sent - by prior agreement - to a specific address where the ISP can process it, and quite probably prioritize it above all the "j00 hxx0r3d m3 by doing dns lookups!!!!" email.
That kind of report can be handled within minutes.
Is there an equivalent mechanism for those of us at the fringes of the galaxy to report problems? What is probably needed for little folks like me is not instant response but rather an address and formatting specs so that the information is of maximum usefullness to you and we don't get auto-naks. After all, I can probably generate a few reports a week, but not hundreds per day. -- -=[L]=- This work was funded by The Corporation for Public Bad Art despite their protestations.