nanog mailing list archives

RE: Handling of Abuse Complaints

From: Gareth Tupper <Gareth.Tupper () warnerpacific com>
Date: Mon, 29 Aug 2016 16:31:58 +0000

"unlawfully" is probably redundant, unless these are otherwise law-abiding cyber criminals.

/pedant

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of William Herrin
Sent: Monday, August 29, 2016 9:28 AM
To: Jason Lee <jason.m.lee () gmail com>
Cc: nanog () nanog org
Subject: Re: Handling of Abuse Complaints

Dear Customer,

Cyber criminals are using your network (and ours) to unlawfully attack other computers on the Internet.

The specific security problem with your DNS server at 127.0.0.1 was first reported to you on Date1 (original message 
attached). Please be advised that we will interrupt network access to that server on Date2.
This will likely disrupt your service.

To avoid disruption, please contact me at Email with a mitigation plan no later than close of business Date3.

I stand ready to assist any way that I can.

Regards,
Your Name

On Mon, Aug 29, 2016 at 11:55 AM, Jason Lee <jason.m.lee () gmail com> wrote:

NANOG Community,

I was curious how various players in this industry handle abuse complaints.
I'm drafting a policy for the service provider I'm working for about
handing of complaints registered against customer IP space. In this
example I have a customer who is running an open resolver and have
received a few complaints now regarding it being used as part of a DDoS attack.

My initial response was to inform the customer and ask them to fix it.
Now that its still ongoing over a month later, I'd like to take action
to remediate the issue myself with ACLs but our customer facing team
is pushing back and without an idea of what the industry best practice
is, management isn't sure which way to go.

I'm hoping to get an idea of how others handle these cases so I can
develop our formal policy on this and have management sign off and be
able to take quicker action in the future.

Thanks,

Jason




--
William Herrin ................ herrin () dirtside com  bill () herrin us Owner, Dirtside Systems ......... Web: 
<http://www.dirtside.com/>


This electronic mail transmission contains information from Warner Pacific Insurance Services that may be confidential 
or privileged. Such information is solely for the intended recipient, and use by any other party is not authorized. If 
you are not the intended recipient, be aware that any disclosure, copying, distribution or use of this message, its 
contents or any attachments is prohibited. Any wrongful interception of this message is punishable as a Federal Crime. 
If you have received this message in error, please notify the sender immediately by telephone (800) 801-2300 or by 
electronic mail at postmaster () warnerpacific com.

Current thread:

Handling of Abuse Complaints Jason Lee (Aug 29)
- Re: Handling of Abuse Complaints Hugo Slabbert (Aug 29)
- Re: Handling of Abuse Complaints William Herrin (Aug 29)
  - RE: Handling of Abuse Complaints Gareth Tupper (Aug 29)
    - Re: Handling of Abuse Complaints Paul Ferguson (Aug 29)
    - Re: Handling of Abuse Complaints Steve Atkins (Aug 29)
    - Re: Handling of Abuse Complaints William Herrin (Aug 29)
    - Re: Handling of Abuse Complaints Larry Sheldon (Aug 29)
- Re: Handling of Abuse Complaints Laszlo Hanyecz (Aug 29)
  - Re: Handling of Abuse Complaints Lee Fuller (Aug 29)
  - Re: Handling of Abuse Complaints Filip Hruska (Aug 29)
    - Re: Handling of Abuse Complaints Joe Maimon (Aug 29)
- Re: Handling of Abuse Complaints Stephen Satchell (Aug 29)
  - Re: Handling of Abuse Complaints Mark Andrews (Aug 29)

(Thread continues...)