Security Incidents mailing list archives

Re: What to do if they ignore you


From: David A.Ulevitch <davidu () everydns net>
Date: Sat, 16 Apr 2005 18:10:28 -0700


On Apr 15, 2005, at 9:51 PM, Rory wrote:
There are a few things that would make dealing with these sorts of things easier:
1. Sending IDS Logs in UTC would be easier; converting GMT -07:00 to GMT +10:00 requires a whole lot more thinking than I'd like to put into a single investigation =P~
2. Sending IDS Reports in a nicely formatted way like D-Shield does, so you know where the data
   you actually want is.
3. Not putting so much crap about legalities at the top of the email; scrolling is hard work, I get
   scroll wheel cramps sometimes.
4. Don't be rude and spout nonsense in your emails, like "STOP YOURS COMPUTORS HAX0RING ME";
   as fun as sending back canned replies is, you get a bit sick of it.
5. Threatening to blacklist my IPs is really not going to get you any more attention than anyone else.
6. Don't expect a reply unless it's a really major issue.
7. Don't send me complaints for other bloody companies' IP space, goddamnit!

Rory,

A great list of things to do when contacting an abuse desk.  Thanks.

For the original poster -- When doing the above fails, contact the abuse desk of their upstream provider. If you have a good relationship with YOUR upstream provider, you can even try pinging them as they may have some direct contacts in the abuse desk of the source network.

Every major network these days has at least some clue behind the abuse desk. Certainly they are overwhelmed and overworked but they do exist and by going through the right channels and saying the right things (and more importantly, not the wrong things) your issue will likely be resolved.

Thanks,
David Ulevitch
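
Points 1 and 2 of the quoted list (UTC timestamps, the wanted data up front), sketched as an added example that is not part of the original thread. The log format, the field names and the sample lines are constructed for illustration, and the sensor is assumed to log at a fixed UTC offset with no daylight-saving change inside the window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: sensor-local timestamps (GMT-07:00), no zone marker.
SAMPLE_ALERTS = """\
2005-04-15 21:47:03 src=192.0.2.44 dst=198.51.100.7 dport=1434 sig="UDP probe"
2005-04-15 21:47:09 src=192.0.2.44 dst=198.51.100.8 dport=1434 sig="UDP probe"
2005-04-15 23:58:41 src=192.0.2.44 dst=198.51.100.7 dport=22 sig="SSH login failures"
garbage line that the parser must skip
"""

# Hypothetical alert layout used only by this example.
LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) src=(?P<src>\S+) '
    r'dst=(?P<dst>\S+) dport=(?P<dport>\d+) sig="(?P<sig>[^"]*)"$'
)

def to_utc(local_ts: str, utc_offset_hours: float) -> str:
    """Attach the sensor's fixed offset, then convert to UTC ISO 8601."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    local = datetime.strptime(local_ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
    return local.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_report(log_text: str, utc_offset_hours: float) -> str:
    """Group alerts by source IP and put the summary before the evidence."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:  # skip anything that is not a well-formed alert
            by_src[m["src"]].append((to_utc(m["ts"], utc_offset_hours), m))
    out = []
    for src, events in sorted(by_src.items()):
        events.sort(key=lambda e: e[0])  # ISO 8601 UTC strings sort by time
        out.append(f"Source IP : {src}")
        out.append(f"Events    : {len(events)}")
        out.append(f"First seen: {events[0][0]} (UTC)")
        out.append(f"Last seen : {events[-1][0]} (UTC)")
        out.append("Evidence (all times UTC):")
        for ts, m in events:
            out.append(f"  {ts} {src} -> {m['dst']}:{m['dport']} {m['sig']}")
        out.append("")
    return "\n".join(out)

if __name__ == "__main__":
    print(build_report(SAMPLE_ALERTS, utc_offset_hours=-7))
```

Each source IP gets its own block, so a report can be split per network before it is sent to that network's abuse desk.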

