On Apr 30, 2013, at 2:50 PM, bmanning@vacation.karoshi.com wrote:

Phone? You mean like Jitsi or Skype? Fax?

I'd like to see some numbers to back your assertion of "Typical" restoration times of days.

my vendors deliver software fixes for "BGP" doesn't work in weeks, so I think that the following timeline and process I'm going to outline exceeds their BGP problems. 0 hour - Issue Reported 0-24 hours - triage; send to customer/internal customer to mitigate/remediate 25-48 hours - Customer responds, host taken down if hacked, etc.. 48-96 hours+ - If no response, IP null0'ed per AUP as network security risk 48-96 hours is also where the customer freaks out and quickly fixes their problem to come in compliance with AUP. This is a natural process. Null0 or ACLs don't stay up for days or weeks on end. That doesn't mean this catches 100% of all cases, but many ISPs get a daily report of phishing sites and malware hosted on their network each morning. You can get one too! http://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork You can get a daily ATLAS report from Arbor as well: http://atlas.arbor.net/ (Although I can't get anyone to fix a problem with it, so anyone there can email me if you have the power to fix it). There are other aggregators of data as well, such as SIE. If you don't know the health of your network, take a look. Many folks will email you these reports automatically, or provide you a direct feed (some in realtime, such as SIE). - Jared