RE: networks with many issues

["Kuhtz, Christian" <christian.kuhtz () bellsouth com>]

Rick,

Similar to what I expressed already in email directly to you, data
without timestamp of when a specific IP address was found to be an
offender is nearly worthless for action, and only interesting as
statistical chatter.. Except where you perhaps have business customers
(and the occasional residential customer) with static address
assignments.  Even still, acting on such 3rd party derived data for
things like AUP enforcement is probably still more problematic...

I understand the difficulty of coming up with a valid timestamp, but the
other part of this is operational realities that IP addresses temporary
assignments for a lot of broadband subs.

So, I guess, I wonder -- with the deficiencies indicated above -- what
operational use such a list would really have in the end. ;-)  Other
than yet another interesting metric of just how bad things are out
there(TM).

Regards,
Christian

> I've come across a few requests for reports with over 10,000 
> issues. for 
> the net ops folks that might have huge blocks with many 
> issues -- what 
> is the most relivant information? Also, how does one go about 
> solving a 
> large set of issues across a huge address space?
>
> Basickly I'm wondering if I can't build some tools to make 
> life easyer 
> and use the reports as an input to the tools.
>
> Also I'd be interested in how large reports should be broken down. I 
> have the issue, address, reverse dns, source and timestamp. 
> would it be 
> best to group the report by issue type.
>
> The issues I am track are
>     Open Proxy (http, socks, other)
>     Website with vunerabilities
>     Spam source( spammed honney pot, spamtrap)
>     Open Relay (smtp)
>
> Understand the timestamp is the time I saw the issue from the RBL. I 
> import data at best hourly and the DNSRBLs don't all have 
> timestamps for 
> their data.
>
> I am generaly interested in understanding how to produce 
> information and 
> tools that the large operaters can utilize effectively.
>
> I'd appreciate any thoughts and ideas on how to hande these problems.
>
>
> -rick

*****
"The information transmitted is intended only for the person or entity to which it is addressed and may contain 
confidential, proprietary, and/or privileged material.  Any review, retransmission, dissemination or other use of, or 
taking of any action in reliance upon, this information by persons or entities other than the intended recipient is 
prohibited.  If you received this in error, please contact the sender and delete the material from all computers."  118