Re: abuse reporting tools

[Robert Drake <rdrake () direcpath com>]

On 11/18/2014 8:11 PM, Michael Brown wrote:
> We need to come up with some sort of international Abuse Reduction and Reporting Engagement Suite of Tools as a Service.
>
> M.
I've been considering a post for a couple of weeks but decided most of 
my complaints were petty.  I've been getting lots of "ssh attacks 
against my network" emails from various people on the internet.  All of 
them have no standard for what logs they show or what format they show 
them in, or what format the whole email is in, so frequently I'm being 
told "Trust me, based on this one connection attempt to this 
non-qualified hostname that occured on this non-TZ timestamp, you need 
to stop your users abuse."

Immediately thereafter they tell me the IP address has already been 
blocked in their firewall for an unspecified length of time and give no 
routes for amelioration.  So I'm left with a very unsatisfactory feeling 
of either shutting down a possibly innocent customer based on a machines 
word, or attempting to start a dialog with 
random_script_user_99 () hotmail com.

I suspect someone is going to pipe up in a second and say that there is 
a suite of tools, but the real problem is that nobody is using it.

Robert