FW: How to cope with, uhm, "mentally challenged" abuse personnel?

[Tyrannis Von Nettesheim <tyrannis () WWC COM>]

I think this is in the realm of "plausible deniability" for the corporate
types at the ISP, or generically any business. Usually when an event of
massive scope has occurred, it takes some time for it to "float" up to
corporate levels, and their default action from what I've perceived/seen is
to head for corporate counsel and get some legal advice, as well as start
crafting e-mails, press releases, etc., etc. should that be necessary.

While we, stewards of security sanity, reward swift exchanges of
information, the general investment public doesn't because they don't know
what we know - the free and open exchange of verifiable information between
verifiable entities swats problems faster than anything.

It's a culture thing. *shrugs*



-----Original Message-----
From: Blake Frantz [mailto:blake () MC NET]
Sent: Saturday, March 03, 2001 4:08 PM
Subject: Re: How to cope with, uhm, "mentally challenged" abuse
personnel?


Hello,

I have experienced a similar situation with UU.net.  A UU.net *router* was
trying to communicate with one of our core routers via TCP on a wide range
of arbitraty ports.  When asked, UU.net responded with "The type of
internet traffic you describe appears to be of normal origin." and
referred me to RFC 792 (ICMP) - I almost fell off my chair.  None the
less, after we recieved their response the activity stopped.  Purhaps this
is the same in your case, a first level abuse manager sends out a generic
email to passify wouldbe admins and escalates the incident.  Just a
thought.
\