Re: Abuse response [Was: RE: Yahoo Mail Update]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Suresh Ramasubramanian" <ops.lists@gmail.com> wrote:
Do ARF, do IODEF etc. You will find it much easier for abuse desks that care to process your reports. You will also find it easier to feed these into nationwide incident response / alert systems like Australia's AISI (google it up, you will like the concept I think)
Really. How many people are actually doing IODEF? http://www.terena.org/activities/tf-csirt/iodef/ Honestly? And the other regional "formats"? This is kind of what I mean when I talk about disjointed and discombobiulated processes of reporting abuse. It should be simple -- not require a freeking full-blown "standard". - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFIBEo/q1pz9mNUZTMRAvphAKCTmSmbRHBCq9wuK9U+PDR+PFxWtQCgpV8s z5EJEitF6mIhHspeNuVNMOU= =x2Qh -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson <fergdawg@netzero.net> wrote:
Really.
How many people are actually doing IODEF?
AISI - for example - and AISI feeds the top 25 australian ISPs - takes IODEF as an input And MAAWG does ARF, quite simple to use as well .. but they would take a standard format (with an RFC yet) if you and some other major players 1. Offer iodef (or say ARF) feeds 2. Tell them youre offering these feeds
It should be simple -- not require a freeking full-blown "standard".
Its a standard. And it allows automated parsing of these complaints. And automation increases processing speeds by orders of magnitude.. you dont have to wait for an abuse desker to get to your email and pick it out of a queue with hundreds of other report emails, and several thousand pieces of spam [funny how abuse@domain type addresses end up in so many spammer lists..] srs
On Tue, Apr 15, 2008 at 12:31:33PM +0530, Suresh Ramasubramanian wrote:
On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson <fergdawg@netzero.net> wrote:
[snip]
It should be simple -- not require a freeking full-blown "standard".
Its a standard. And it allows automated parsing of these complaints. And automation increases processing speeds by orders of magnitude.. you dont have to wait for an abuse desker to get to your email and pick it out of a queue with hundreds of other report emails, and several thousand pieces of spam [funny how abuse@domain type addresses end up in so many spammer lists..]
It cannot be understated that even packet pushers and code grinders who care get stranded in companies where abuse handling is deemed by management to be a cost center that only saps resources. Paul, you are doing a serious disservice to those folks in specific, and working around such suit-induced damage in general, by dismissing any steps involving automation. Cheers, Joe -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
participants (3)
-
Joe Provo
-
Paul Ferguson
-
Suresh Ramasubramanian