On Thu, 3 Apr 2003, Gerald wrote:
I hate to play devil's advocate here, but I've been on the receiving end of the abuse@ complaints that became unmanagable. The bulk of them consisting of:
"Your user at x.x.x.x attacked me!" (And this is sometimes the nameserver:53 or mailserver:113)
We added this to the auto-reply of our abuse@ address: --- cut - here ---- For complaints of port scanning or supposed hacking attempts, complete logs of the abuse are required. At a minimum, a log of abuse contains the time (including time zone) it happened, the hosts/ips involved and the ports involved. Please note that we received a large number of false complaints from people using personal firewall programs regarding port scanning. If you are submitting a complaint based on the logs from one of these programs we highly suggest you to read the following: http://www.samspade.org/d/persfire.html AND http://www.samspade.org/d/firewalls.html --- cut - here ---- The abuse guys concentrate on spam reports, open-relay reports and sometimes port scanning reports from proper admins (these are easy to spot). Junk from dshield.org and the like is pushed to the bottom of the priority list. There are just too many random packets flying about for the personal firewall reports to be useful. The other problem is it's hard to act against a client based on one packet received by some person on the other side of the world running a program they don't understand. At least with spam reports you'll get several independant reports with full headers and if they use our servers we'll even have our own logs. -- Simon Lyall. | Newsmaster | Work: simon.lyall@ihug.co.nz Senior Network/System Admin | Postmaster | Home: simon@darkmere.gen.nz Ihug Ltd, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz