On Jan 11, 2008 1:17 AM, Rob Thomas <robt@cymru.com> wrote:
I'll second this point. We've had great luck working with providers globally, but only after folks (such as Sean) took us under their wing and mentored us on the processes and setups that best help ISPs. That alone would make a great *NOG presentation.
Setups that best help *ISPs*? The fun part is that there's this fundamental disconnect even within ISPs .. their CERT guys or security guys go talk to each other, their abuse desks go talk to each other, their packet pushers go talk to each other .. at nspsec/gadicon/whatever, at MAAWG, at *NOG .. There's little or no cross pollination between these groups, if at all. It is this kind of gap that needs to be bridged, just as much as the gaps between ISPs and LE, ISPs and the anti phishing community (banks etc, + the takedown vendor crowd), ISPs and the security community etc etc needs bridging. Leads to the kind of fun situation where a guy who does CERT/security stuff for a very large ISP was up in front of a mostly abuse desk audience, describing the Hotlan trojan (which compromises PCs to script account creation and spamming through various webmail sites). He's like "they were hitting us, Y, Z .... pity I didnt know who to contact at Y or Z at all" That, when people from the Y and Z abuse teams (Z being us in this story), were in the same room as the abuse team from X (which the guy works for). And where the X, Y and Z abuse desks know each other very well, are in constant touch over email / IM / face to face at various conferences etc. Talk about fundamental disconnects .. not that I know the packet pushers from X and Y at all (the one packet pusher I knew from X recently got assimilated by G, so that puts paid to that ..) --srs disclaimer: Names replaced by X, Y and Z solely to render this little story fit for public consumption .. it took place at a nominally closed meeting. It wont take you too long to arrive at reasonably plausible guesses for X, Y and Z, so I will leave you to the guessing. No points for the right answer, no comment either .. what I'm pointing out is general enough that it could be any X, Y and Z companies,