Re: Handling of Abuse Complaints

[William Herrin <bill () herrin us>]

Dear Customer,

Cyber criminals are using your network (and ours) to unlawfully attack
other computers on the Internet.

The specific security problem with your DNS server at 127.0.0.1 was
first reported to you on Date1 (original message attached). Please be
advised that we will interrupt network access to that server on Date2.
This will likely disrupt your service.

To avoid disruption, please contact me at Email with a mitigation plan
no later than close of business Date3.

I stand ready to assist any way that I can.

Regards,
Your Name





On Mon, Aug 29, 2016 at 11:55 AM, Jason Lee <jason.m.lee () gmail com> wrote:
> NANOG Community,
>
> I was curious how various players in this industry handle abuse complaints.
> I'm drafting a policy for the service provider I'm working for about
> handing of complaints registered against customer IP space. In this example
> I have a customer who is running an open resolver and have received a few
> complaints now regarding it being used as part of a DDoS attack.
>
> My initial response was to inform the customer and ask them to fix it. Now
> that its still ongoing over a month later, I'd like to take action to
> remediate the issue myself with ACLs but our customer facing team is
> pushing back and without an idea of what the industry best practice is,
> management isn't sure which way to go.
>
> I'm hoping to get an idea of how others handle these cases so I can develop
> our formal policy on this and have management sign off and be able to take
> quicker action in the future.
>
> Thanks,
>
> Jason



-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>