nanog mailing list archives
Re: abusereporting
From: suresh () outblaze com (Suresh Ramasubramanian)
Date: Sun, 08 Feb 2004 16:30:56 +0530
"Mikael" == Mikael Abrahamsson <swmike () swm pp se> writes:
Mikael> On Sun, 8 Feb 2004, Suresh Ramasubramanian wrote: Mikael> I have asked about this before. Wouldnt it be very nice if Mikael> there was a standardized way to report IP-number and Mikael> timestamp and type of complaint? There isn't one yet. Some people are trying to put together a simplistic looking BCP - http://www.tmisnet.com/~strads/spam/bcp.html Mikael> I've seen something produced by some workgroup (RIPE?) but Mikael> that was a huge document about XML and it seemed Mikael> non-trivial to implement. I was more into the idea of Mikael> having basically email headers like: There is a RIPE WG on spam (I think chaired by Rodney Tillotson from JANET/CERT). But I don't recall something like this being proposed .. and XML is a rather unruly beast to manage, especially for joe user. Your idea of headers might work - or something on the lines of send-pr on *bsd. All that the NOC staff receiving it would require is that it stays simple, without stuff like : Frenzied abuse Screenshots from fancy IDS / software firewall products Long lectures on why spam / DDoS / other network abuse is bad A short two or three line summary of the issue, accurate timestamps and a set of excerpts from your logs (not a whole lot, just enough to make the situation obvious) should be enough. Another big help is giving the NOC access to a good ticketing system which understands the difference between customer support and net abuse handling (here, your customers are the problems, for starters). RT3 has a lot of code (courtesy Paul Vixie and the other people at MAPS who were hacking on it) - but there's a nice new product called Abacus - http://word-to-the-wise.com/abacus that looks promising. srs
Current thread:
- RE: Monumentous task of making a list of all DDoS Zombies., (continued)
- RE: Monumentous task of making a list of all DDoS Zombies. Wayne Gustavus (nanog) (Feb 07)
- Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 07)
- Re: Monumentous task of making a list of all DDoS Zombies. Sean Donelan (Feb 07)
- Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 07)
- Re: Monumentous task of making a list of all DDoS Zombies. Iljitsch van Beijnum (Feb 08)
- Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 08)
- Re: Monumentous task of making a list of all DDoS Zombies. Iljitsch van Beijnum (Feb 08)
- Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 08)
- Re: Monumentous task of making a list of all DDoS Zombies. Scott A Crosby (Feb 09)
- abusereporting (was Re: Monumentous task of making a list) Mikael Abrahamsson (Feb 08)
- Re: abusereporting Suresh Ramasubramanian (Feb 08)
- Re: abusereporting (was Re: Monumentous task of making a list) Steven M. Bellovin (Feb 08)
- Re: Monumentous task of making a list of all DDoS Zombies. Guðbjörn Hreinsson (Feb 08)
- Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 08)
- Re: Monumentous task of making a list of all DDoS Zombies. Sean Donelan (Feb 08)
- Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 08)
- RE: Monumentous task of making a list of all DDoS Zombies. Steve Birnbaum (Feb 10)
- Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 10)
- Re: Monumentous task of making a list of all DDoS Zombies. E.B. Dreger (Feb 08)
- Re: Monumentous task of making a list of all DDoS Zombies. Sean Donelan (Feb 08)
- Re: Monumentous task of making a list of all DDoS Zombies. E.B. Dreger (Feb 08)