nanog mailing list archives

Re: Abuse Desks

From: Mike Hammett <nanog () ics-il net>
Date: Wed, 29 Apr 2020 11:14:41 -0500 (CDT)

A standard would be nice. In some of the auto-responders, I get requirements that conflict or are unreasonable. 




    * We don't accept abuse complaints via e-mail, please submit via this site: Yeah, okay. That's not scaleable. 
    * Network A wants time in GMT, while network B wants time in their local timezone. How do I know that ahead of 
time? Adjusting for that isn't scaleable 



Some are asking for my IP address. Okay, I get that if you have CGNAT running, you need to know that to check your 
logs. Now I gotta figure out how to get my IP address into the log. Many of the devices watched have more than one IP 
address. 




Having a standard would make generation of reports and processing of said reports a lot easier to automate. 



----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: sronan () ronan-online com 
To: "NANOG" <nanog () nanog org> 
Sent: Wednesday, April 29, 2020 10:25:19 AM 
Subject: Re: Abuse Desks 

Perhaps some organization of Network Operators should come up with an objective standard of what constitutes “abuse” 
and a standard format for reporting it. 

If only there was such an organization. 

Sent from my iPhone

On Apr 29, 2020, at 11:14 AM, Chris Adams <cma () cmadams net> wrote: 

Once upon a time, Mukund Sivaraman <muks () mukund org> said:

If an abuse report is incorrect, then it is fair to complain.


The thing is: are 3 failed SSH logins from an IP legitimately "abuse"? 

I've typoed IP/FQDN before and gotten an SSH response, and taken several 
tries before I realized my error. Did I actually "abuse" someone's 
server? I didn't get in, and it's hard to say that the server resources 
I used with a few failed tries were anything more than negligible. 

I've had users tripped up by fail2ban because they were trying to access 
a server they don't use often and took several tries to get the password 
right or had the wrong SSH key. Should that have triggered an abuse 
email? 

-- 
Chris Adams <cma () cmadams net>

Current thread:

Re: Abuse Desks, (continued)
- - - Re: Abuse Desks Mike Hammett (Apr 29)
    - Re: Abuse Desks J. Hellenthal via NANOG (Apr 29)
    - Re: Abuse Desks bzs (Apr 29)
    - Re: Abuse Desks Dan Hollis (Apr 29)
    - Re: Abuse Desks Matt Corallo via NANOG (Apr 29)
    - Re: Abuse Desks Chris Adams (Apr 29)
    - Re: Abuse Desks sronan (Apr 29)
    - Re: Abuse Desks Mel Beckman (Apr 29)
    - Re: Abuse Desks Shane Ronan (Apr 29)
    - Re: Abuse Desks Mel Beckman (Apr 29)
    - Re: Abuse Desks Mike Hammett (Apr 29)
    - Re: Abuse Desks Valdis Klētnieks (Apr 29)
    - Re: Abuse Desks Joe Greco (Apr 29)
    - Re: Abuse Desks Mel Beckman (Apr 29)
    - Re: Abuse Desks Joe Greco (Apr 29)
    - Re: Abuse Desks Stephen Satchell (Apr 29)
    - Re: Abuse Desks Sabri Berisha (Apr 29)
    - Re: Abuse Desks Mel Beckman (Apr 29)
    - Re: Abuse Desks Sabri Berisha (Apr 29)
    - Re: Abuse Desks Mukund Sivaraman (Apr 29)
    - Re: Abuse Desks Stephen Satchell (Apr 29)

(Thread continues...)