Re: adviCe on network security report

["J. Oquendo" <sil () infiltrated net>]

Sean Donelan wrote:

> Hint, hint, hint.  When the abuse and security folks at ISPs give suggestions on how to best work with them, its 
> sometimes a good idea
> to listen.

What happens when the security folks are absent? This seems to be somewhat of the case concerning contacting 
"abuse@SOMEWHERE_OVER_THE_RAINBOW.com". Many times it starts there where someone will contact an abuse apartment that 
is likely not monitored. Let's be realistic here... Before someone shoots of a "your-so-off-topic-whiny-whiny-whiny" 
response. How many here have contacted an abuse and simply gotten 1) an autoresponder 2) no reply 3) undeliverable 4) 
no such account exists as opposed to getting something useful.

> ISP security and abuse folks generally know how bad the problems are. That
> isn't useful to getting their jobs done.  They usually have better information about how bad it is than most 
> third-parties.

See my previous sentence... What happens when they see it, shrug off a simple abuse message that may contain something 
useful because they're fending off a DDoS attack or something. Does an abuse message take less precendence than other 
security matters. What will ISP's do when someone lashes back and starts some form of class action lawsuit against an 
ISP whose engineers repeatedly sat around and <strike>read NANOG and whined</strike> and did nothing? Is that what it 
will take? So I contacted abuse () f00f00 org about some user there stealing my info, spamming me, doing something 
illegal, I messaged them 10 times, no response. How about... I sue them.

> ISP security and abuse teams already receive reports from almost every group in existence.  After they process the 
> high priority work, e.g. court orders from countries around the world, reports from customers, etc; figuring out how 
> to make the security and abuse teams lives easier is
> the key to getting your complaints to the top of the pile. Rankings of other ISPs doesn't change their workload.

Out of curiousity (and I doubt many will respond publicly to this) how many people have had success versus failure when 
dealing with abuse issues. I'm thinking for every answered message sent to abuse (non autoresponder), one will likely 
see more than 7-10 failures. Failures include an autoresponse, nothing ever done, no response ever returned, a response 
returned a quarter of a century later...


-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743

"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey