Re: Abuse Desks

[Matt Corallo via NANOG <nanog () nanog org>]

Good thing I care, but that's missing the point here - the volume of abuse requests makes the entire abuse system
unworkable. Not for me so much, I can deal with the volume (a few obnoxious individuals aside), but AWS/OVH/Hertzner
appear to have decided they cannot, and that means I can't contact them if there's something more serious going on.

I highly doubt so many folks "don't care" about potentially compromised hosts, in fact I know for sure several of them
have deployed a number of full-time staff to build solutions to monitor for such things. The fact that those solutions
often don't involve their abuse system should tell us something.

Matt

On 4/29/20 3:44 AM, Dan Hollis wrote:
> On Tue, 28 Apr 2020, Matt Corallo wrote:
> > Sadly dumb kids are plentiful. If you have to nag an abuse desk every time they sell a server to a kid who’s
> > experimenting with nmap for the first time then.... we’ll end up exactly where we are - abuse contacts are not a
> > reliable way to get in touch with anyone, and definitely not a reliable way to do so fast or with any reasonably 
> > large
> > network. Please don’t clog the otherwise-useful system.
>
> compromised servers on your infrastructure hosting nigerian criminals look much the same as a script kiddie
> experimenting with nmap.
>
> > If you have trouble sleeping at night, I’d recommend the “PasswordAuthentication no” option in sshd_config.
>
> you either care about reports of potentially compromised hosts on your infrastructure or you don't.
>
> -Dan