auto-reporting to ISPs

[bugtraq () NETWORKICE COM (Robert Graham)]

Below is an e-mail from a customer who would like to see us add an
auto-email feature to our product in order to notify the ISP of the
offending hacker. This is pretty funny because we've already seen some
complaints by ISPs from such a feature in other products appear on this list
over the past couple of days.

Could abuse@isp people please send me e-mail:
* what is the proper way a product like BlackICE Defender should assist the
user in reporting such events?
* what should I tell this user about why we haven't put such a simple
feature into the product?

Thanks,
Robert Graham
CTO/Network ICE

-----Original Message-----
From: <namedeleted>@home.com
Sent: Friday, February 25, 2000 7:24 AM
To: webmaster () networkice com
Subject: knowledge base

I think your knowledge base is quite well written
however on several questions you have said this is
a common occurrance by hackers and should not be
of concern.  If it is common, shouldn't it be
referred to someone for some sort of action?  A
hacker scanning for a trojan is like a kid checking
the locks on store doors after dark or a drunk
checking his pockets for car keys, maybe not illegal
but the next step will be.  Consider adding to your fine
program a e-mail form where after checking the
domain out, a e-mail can be set to the ISP describing
the action (and if it did an autolookup with internic
then it would be really slick)