nanog mailing list archives
Re: advise on network security report
From: "Chris L. Morrow" <christopher.morrow () verizonbusiness com>
Date: Wed, 01 Nov 2006 02:16:01 +0000 (GMT)
On Tue, 31 Oct 2006, Rick Wesson wrote:
Whatever service you end up offering, a a full-text RSS or Atom feed would probably be useful, as well.we do CSV for detail reporting and will be posting these directly to the abuse@ mbox for the nextworks we have contacts for.
whichever notification method you use you need to include information that the abuse@ address folks can actually use. Saying: "machine 1.2.3.4 sent spam" isn't useful, however sending: -----------------------------example--------------------- machine 1.2.3.4 delivered this spam: <full spam mail with headers> -----------------------------end example---------------- is useful... Extend that to virus/trojan/bot/C&C info of course (send logs of the abuse). If you don't provide this there is no reasonable way to affect change. Also, make sure that whatever you send is machine parsable, it'd be great to send things in some 'standards compliant' manner as well (INCH perhaps?) sending an email that a human has to process will get that email deleted/ignored/not-processed-to-your-satisfaction. I also believe that since you are aiming at something machine parseable you should submit one email per 'incident' you are reporting, that way abuse@ folks can judge the volume of the problem in a fairly simple manner. it's just an opinion or 3... :) Oh, and as Scott said, pleaes tag the subject so it can get procmail'd appropriately. -Chris
Current thread:
- advise on network security report Rick Wesson (Oct 30)
- Re: advise on network security report Roland Dobbins (Oct 30)
- Re: advise on network security report Jim Popovitch (Oct 30)
- Re: advise on network security report Rick Wesson (Oct 31)
- Re: advise on network security report Roland Dobbins (Oct 31)
- Re: advise on network security report Chris L. Morrow (Oct 31)
- RE: advise on network security report Barry Greene (bgreene) (Oct 31)
- Re: advise on network security report Rick Wesson (Oct 31)
- <Possible follow-ups>
- Re: advise on network security report Fergie (Oct 30)
- Re: advise on network security report Rick Wesson (Oct 30)
- Re: advise on network security report Steve Atkins (Oct 30)
- Re: advise on network security report Randy Bush (Oct 30)
- Re: advise on network security report Steve Atkins (Oct 30)
- Re: advise on network security report Rick Wesson (Oct 30)
- Re: advise on network security report Roland Dobbins (Oct 30)