North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Automated Network Abuse Reporting

  • From: Brian Bruns
  • Date: Mon Dec 29 12:34:54 2003

On Monday, December 29, 2003 11:24 AM [GMT-5=EST], Joel Jaeggli
<[email protected]> wrote:

> if you automate abuse reporting you can basically assume that the reciver
> will automate abuse handling. since that has in fact happened as far as i
> can tell the probably of you automated asbuse replaies ever reaching a
> human who cares or can do something about it is effecetivly zero.

Most likely, automated abuse reports will be treated like abuse reports from
users with those lovely software firewalls that whine all the time that their
ISP's nameserver is trying to hack them on port 53 (IE: thrown in with the
rest of the reports in the round filing cabinet on the floor next to the

I refused to accept automated abuse reports of probes or similar when I was an
ISP netadmin.

Portscans/pingscans/etc are not illegal (and I've seen this sucessfully proven
in court at least once).  They are illegal if you use it to bring down
someone's machine though.

Basically, if I were you, I'd turn your firewall's sensitivity WAY down and
only track events that are obviously attempts to hack.

Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources

The AHBL -