Re: Abuse.cc ???

[Simon Lyall <simon.lyall () ihug co nz>]

On Thu, 3 Apr 2003, Gerald wrote:
> I hate to play devil's advocate here, but I've been on the receiving end
> of the abuse@ complaints that became unmanagable. The bulk of them
> consisting of:
>
> "Your user at x.x.x.x attacked me!" (And this is sometimes the
> nameserver:53 or mailserver:113)

We added this to the auto-reply of our abuse@ address:

--- cut - here ----

  For complaints of port scanning or supposed hacking attempts,
  complete logs of the abuse are required.  At a minimum, a log
  of abuse contains the time (including time zone) it happened,
  the hosts/ips involved and the ports involved.

  Please note that we received a large number of false complaints from people
  using personal firewall programs regarding port scanning. If you are
  submitting a complaint based on the logs from one of these programs we
  highly suggest you to read the following:

    http://www.samspade.org/d/persfire.html  AND
    http://www.samspade.org/d/firewalls.html

--- cut - here ----

The abuse guys concentrate on spam reports, open-relay reports and
sometimes port scanning reports from proper admins (these are easy to
spot). Junk from dshield.org and the like is pushed to the bottom of the
priority list. There are just too many random packets flying about for the
personal firewall reports to be useful.

The other problem is it's hard to act against a client based on one packet
received by some person on the other side of the world running a program
they don't understand. At least with spam reports you'll get several
independant reports with full headers and if they use our servers we'll
even have our own logs.

-- 
Simon Lyall.                |  Newsmaster  | Work: simon.lyall () ihug co nz
Senior Network/System Admin |  Postmaster  | Home: simon () darkmere gen nz
Ihug Ltd, Auckland, NZ      | Asst Doorman | Web: http://www.darkmere.gen.nz