One problem with notifications typically (that I've seen) is that there is no one to notify...
We tried notifications to the netblock owner for every incident that exceeded a reasonable threshold. [1] It takes a lot of time to find netblock owners. Even after investing self to try to make the net a better place, the satisfactory response rate is very small.
there may be an email address, but most likely that's not even watched/read/responded-to/reacted-upon.
ditto.
recieve less than 1 in 3K responses :(
We may not have time to answer each of the mechanized notifications, but we process and respond to each incident. If only every ISP did at least that.
To start fixing this problem every ISP really needs some security folks dedicated to customer security issues...
I am the point of contact for the net in the sig below. We take all network abuse notifications seriously, and follow up with our customers. I am not hard to find. whois -h whois.arin.net bb122-arin
Hopefully, once there are security folks at all ISP's the ISP's will be able to speak intelligently and civily to each other to cooperate and contain problems.
Amen. At your service, -bryan bradsby Texas State Government Net me: 512-936-2248 NOC: 512-475-2432 877-472-4848 -- If all the world's a stage, I want to operate the trap door. -- Paul Beatty [1] (see: "Firewall Seen" by Robert Graham) http://www.robertgraham.com/pubs/firewall-seen.html