Re: adviCe on network security report
Sean Donelan wrote:
Hint, hint, hint. When the abuse and security folks at ISPs give suggestions on how to best work with them, its sometimes a good idea to listen.
What happens when the security folks are absent? This seems to be somewhat of the case concerning contacting "abuse@SOMEWHERE_OVER_THE_RAINBOW.com". Many times it starts there where someone will contact an abuse apartment that is likely not monitored. Let's be realistic here... Before someone shoots of a "your-so-off-topic-whiny-whiny-whiny" response. How many here have contacted an abuse and simply gotten 1) an autoresponder 2) no reply 3) undeliverable 4) no such account exists as opposed to getting something useful.
ISP security and abuse folks generally know how bad the problems are. That isn't useful to getting their jobs done. They usually have better information about how bad it is than most third-parties.
See my previous sentence... What happens when they see it, shrug off a simple abuse message that may contain something useful because they're fending off a DDoS attack or something. Does an abuse message take less precendence than other security matters. What will ISP's do when someone lashes back and starts some form of class action lawsuit against an ISP whose engineers repeatedly sat around and <strike>read NANOG and whined</strike> and did nothing? Is that what it will take? So I contacted abuse@f00f00.org about some user there stealing my info, spamming me, doing something illegal, I messaged them 10 times, no response. How about... I sue them.
ISP security and abuse teams already receive reports from almost every group in existence. After they process the high priority work, e.g. court orders from countries around the world, reports from customers, etc; figuring out how to make the security and abuse teams lives easier is the key to getting your complaints to the top of the pile. Rankings of other ISPs doesn't change their workload.
Out of curiousity (and I doubt many will respond publicly to this) how many people have had success versus failure when dealing with abuse issues. I'm thinking for every answered message sent to abuse (non autoresponder), one will likely see more than 7-10 failures. Failures include an autoresponse, nothing ever done, no response ever returned, a response returned a quarter of a century later... -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo echo @infiltrated|sed 's/^/sil/g;s/$/.net/g' http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743 "How a man plays the game shows something of his character - how he loses shows all" - Mr. Luckey
On Thu, 2 Nov 2006, J. Oquendo wrote:
ISP security and abuse teams already receive reports from almost every group in existence. After they process the high priority work, e.g. court orders from countries around the world, reports from customers, etc; figuring out how to make the security and abuse teams lives easier is the key to getting your complaints to the top of the pile. Rankings of other ISPs doesn't change their workload.
Out of curiousity (and I doubt many will respond publicly to this) how many people have had success versus failure when dealing with abuse issues. I'm thinking for every answered message sent to abuse (non autoresponder), one will likely see more than 7-10 failures. Failures include an autoresponse, nothing ever done, no response ever returned, a response returned a quarter of a century later...
I believe what Sean said above is key. There are several sources which are trusted, regular and efficient. myNetwatchmen, SANS ISC, Cymru, the DA RatOut. Then there are the pull places, such as spamhaus... Everyone has their favorite, and it works better. Then come customer complainst, then email reports. If there reports are in good form and provide with good data (plus are short and to the point), they will probably get quick attention (as soon as POSSIBLE). You need to remember these are good folks, who get paid to lose the ISP money by disconnecting clients... Some do better, some do worse. Those that do nothing concern me most. Contributing to one of the projects above (those that allow it) or forming better complaints is the first step. Identifying the internet bad boys is second. Gadi.
On Thursday 02 Nov 2006 14:54, you wrote:
I'm thinking for every answered message sent to abuse (non autoresponder), one will likely see more than 7-10 failures.
It is a self fulfilling issue. Those abuse desks who deal with the issues you rarely end up writing to, those who don't, you inevitably end up writing to. Which is why you get a better response when raising a new issue, or a small issue, with someone who hasn't been notified of it before. Broach a big established problem like pointing out that Telecom Italia is one of the worse spewers of advance fee fraud emails on the Internet, and you can't get anyone to take an interest. If there were anyone who cared, they would have done something about it by now. Even the Italian government doesn't seem to care about that one. rfc-ignorant.org exists for a reason.
participants (3)
-
Gadi Evron
-
J. Oquendo
-
Simon Waters