Re: Automated Network Abuse Reporting

[Doug Luce <doug () nanog con com>]

When we get something that looks automated, we send back a reply saying
"We received this, if you'd like us to take action, please have a human
reply."

I've been thinking of instead having them send us a cryptographic hash of
their message, saying that we MUST have all such notifications validated.
I'd give them the URL to some page that would provide the hash, of course.

Doug


On Mon, 29 Dec 2003, Joel Jaeggli wrote:

> if you automate abuse reporting you can basically assume that the reciver
> will automate abuse handling. since that has in fact happened as far as i
> can tell the probably of you automated asbuse replaies ever reaching a
> human who cares or can do something about it is effecetivly zero.
>
> joelja
>
> On Mon, 29 Dec 2003, Jason Lixfeld wrote:
>
> > We're a small company but none the less are inundated with firewall
> > logs reporting numerous attempts to find holes in our network; c'est la
> > vie.  Seeing as how we are small, we don't have the resources to go
> > through and send emails off to the abuse departments of each network
> > sourcing the probes.  Question is:  Has there been development of some
> > sort of intelligent unix land app that can understand Cisco syslog
> > output, find the abuse departments of the sourcing networks and send
> > them off a nice little FYI?
>
> --
> --------------------------------------------------------------------------
> Joel Jaeggli                 Unix Consulting         joelja () darkwing uoregon edu
> GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2