nanog mailing list archives
Re: Best practices for abuse@ mailbox and network abuse complaint handling?
From: Jeroen Massar <jeroen () unfix org>
Date: Fri, 11 May 2007 23:31:46 +0100
K K wrote: [..]
I'm hoping to find either a better and widely accepted way to handle non-spam-related network abuse complaints (hacking, DoS, etc), or at least best practices for triage on the huge volume of mail that comes into abuse@, procedures such that the rare legitimate complaint about non-spam network abuse can be routed to my team in a timely manner.
whois is the right one. But IMHO the ARIN whois is a bit limited and also odd, but that might be because I am used to seeing a different kind of data ;) In RIPE db we have a nice IRT (Incident Response Team) object which is meant for this, see amongst others: http://www.ripe.net/info/ncc/presentations/irt-tfcsirt6/sld001.html http://www.ripe.net/db/support/security/irt/irt-h2.html Next to that there is the 'abuse-mailbox' line which can be inserted with most objects, similarly to irt. These will at least allow your users to find you. Some of the tools out there that auto-spam abuse@ when they get a silly portscan use those fields, so at least you will get it at the right address and not at every other single address that is listed in whois. Greets, Jeroen
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Best practices for abuse@ mailbox and network abuse complaint handling? K K (May 11)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? Albert Meyer (May 11)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? K K (May 11)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? Jeroen Massar (May 11)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? John Levine (May 11)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? william(at)elan.net (May 11)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? K K (May 12)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? Douglas Otis (May 13)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? John Levine (May 13)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? K K (May 11)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? Albert Meyer (May 11)
- RE: Best practices for abuse@ mailbox and network abuse complaint handling? Stasiniewicz, Adam (May 12)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? Al Iverson (May 12)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? Gerry Boudreaux (May 12)
- Re: Best practices for abuse@ mailbox and network abuse complaint handling? Niels Bakker (May 12)