Re: Stupid Question: Network Abuse RFC?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Randy Bush <randy@psg.com> wrote:
2142
but i am surprised you asked here instead of an ietf list. here we actually do the stuff, not tell other folk how they should do it. :)
Thanks for the pointer, and I even appreciate you snarky reply. :-) - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHiaT9q1pz9mNUZTMRAsUwAKDfzxtwp/OLvLgl+xnO1lmMV7bcjACgzpAz bDJjr/2v8tbWJep9AIAfxkk= =Puaa -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
On Jan 13, 2008 12:43 AM, Paul Ferguson <fergdawg@netzero.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- -- Randy Bush <randy@psg.com> wrote:
2142
but i am surprised you asked here instead of an ietf list. here we actually do the stuff, not tell other folk how they should do it. :)
Thanks for the pointer, and I even appreciate you snarky reply. :-)
There was also some work ongoing in INCH, that included some machine-parsable reporting formats (RID I believe... Ms Moriarty's work, if I remember correctly)
On Jan 12, 2008, at 9:58 PM, Christopher Morrow wrote:
On Jan 13, 2008 12:43 AM, Paul Ferguson <fergdawg@netzero.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- -- Randy Bush <randy@psg.com> wrote:
2142
but i am surprised you asked here instead of an ietf list. here we actually do the stuff, not tell other folk how they should do it. :)
Thanks for the pointer, and I even appreciate you snarky reply. :-)
2142 isn't really related to abuse much, other than suggesting use of the abuse@ and security@ aliases for reporting. I can't think of any other docs that are abuse related, useful and RFCs, though.
There was also some work ongoing in INCH, that included some machine-parsable reporting formats (RID I believe... Ms Moriarty's work, if I remember correctly)
ARF too, if the abuse is email-based. http://www.shaftek.org/publications/drafts/abuse-report/ http://wordtothewise.com/resources/arf.html Cheers, Steve
On Sun, 13 Jan 2008, Christopher Morrow wrote:
2142
but i am surprised you asked here instead of an ietf list. here we actually do the stuff, not tell other folk how they should do it. :)
Thanks for the pointer, and I even appreciate you snarky reply. :-)
There was also some work ongoing in INCH, that included some machine-parsable reporting formats (RID I believe... Ms Moriarty's work, if I remember correctly)
The great thing about standards is there are so many to choose from. There is also ARF: Abuse Feedback Reporting Format from the Mutual Internet Practices Assocation. Messaging Anti-Abuse Working Group has multiple documents. Alliance for Telecommunications Industry Solutions has standards on handling annoyance, fraud and harrasment. In the US, the Federal Communications Commission, Network Reliability Interoperability Committee published a ton of "Best Practices" And then there are various one-shot things produced by many groups such as the OECD, ASTA, FTC, NASD, etc.
On Jan 13, 2008 12:05 PM, Sean Donelan <sean@donelan.com> wrote:
The great thing about standards is there are so many to choose from. There is also ARF: Abuse Feedback Reporting Format from the Mutual Internet Practices Assocation. Messaging Anti-Abuse Working Group has multiple documents.
ARF is the de facto standard, widely deployed, for ISP spam reporting feedback loops As for INCH, standards track or not, as much as I keep asking about, I can find very few instances of CERTs actually using the damned thing. And quite a few feeds dont appear to provide "take" in INCH format.
And then there are various one-shot things produced by many groups such as the OECD, ASTA, FTC, NASD, etc.
The only relevant one I remember that the OECD did, in the context of their spam toolkit, was an earlier version of the MAAWG sender best practices documents, developed by MAAWG jointly with OECD's business constituency BIAC. Newer versions of the sender bcp (which is bcp for legit bulk mailers) have since been published on the MAAWG website. The ASTA docs became the MAAWG best practices, more or less ..pretty much the same crowd behind both (large ISPs + email providers). And most of that lot is not reporting standards or formats, it is best practices for abuse handling / legit email marketing etc. --srs -- Suresh Ramasubramanian (ops.lists@gmail.com)
On Sun, Jan 13, 2008 at 12:58:11AM -0500, Christopher Morrow <christopher.morrow@gmail.com> wrote a message of 21 lines which said:
There was also some work ongoing in INCH, that included some machine-parsable reporting formats
For the technical side of abuse reporting, IETF documents two formats: The Intrusion Detection Message Exchange Format (IDMEF), RFC 4765, with a status of Experimental The Incident Object Description Exchange Format (IODEF), RFC 5070, which is Standard.
participants (6)
-
Christopher Morrow -
Paul Ferguson -
Sean Donelan -
Stephane Bortzmeyer -
Steve Atkins -
Suresh Ramasubramanian