North American Network Operators Group


Re: advise on network security report

  • From: Chris L. Morrow
  • Date: Tue Oct 31 21:20:41 2006

On Tue, 31 Oct 2006, Rick Wesson wrote:
>
> > Whatever service you end up offering, a full-text RSS or Atom feed
> > would probably be useful, as well.
>
> we do CSV for detail reporting and will be posting these directly to the
> [email protected] mbox for the networks we have contacts for.

whichever notification method you use you need to include information that
the [email protected] address folks can actually use. Saying: "machine 1.2.3.4 sent
spam" isn't useful, however sending:

-----------------------------example---------------------
machine 1.2.3.4 delivered this spam:

<full spam mail with headers>

-----------------------------end example----------------

is useful... Extend that to virus/trojan/bot/C&C info of course (send logs
of the abuse).  If you don't provide this there is no reasonable way to
effect change. Also, make sure that whatever you send is machine parsable,
it'd be great to send things in some 'standards compliant' manner as well
(INCH perhaps?) sending an email that a human has to process will get that
email deleted/ignored/not-processed-to-your-satisfaction. I also believe
that since you are aiming at something machine parseable you should submit
one email per 'incident' you are reporting, that way [email protected] folks can
judge the volume of the problem in a fairly simple manner.

it's just an opinion or 3... :)

Oh, and as Scott said, please tag the subject so it can get procmail'd
appropriately.

-Chris
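
The reporting practice described in the message above (evidence included, machine-parsable, one email per incident, tagged subject), as an added example that is not part of the original post. The subject tag, the "key: value" body layout, the addresses and the sample incidents are all assumptions constructed for illustration; this is not an INCH implementation.

```python
from collections import Counter
from email import message_from_bytes, policy
from email.message import EmailMessage

TAG = "[abuse-report]"  # hypothetical subject tag, chosen so a mail filter can match it

# Constructed sample incidents (documentation address ranges, not real hosts).
SAMPLE = [
    {"type": "spam", "source_ip": "192.0.2.10", "timestamp": "2006-10-31T20:00:00Z",
     "evidence": "Received: from host (192.0.2.10)\nSubject: cheap pills\n\nbody\n"},
    {"type": "spam", "source_ip": "192.0.2.10", "timestamp": "2006-10-31T20:05:00Z",
     "evidence": "Received: from host (192.0.2.10)\nSubject: cheap watches\n\nbody\n"},
    {"type": "bot", "source_ip": "198.51.100.7", "timestamp": "2006-10-31T20:09:00Z",
     "evidence": "2006-10-31T20:09:00Z conn src=198.51.100.7 dst_port=6667 proto=tcp\n"},
]

def build_reports(incidents, sender, recipient):
    """Sender side: one message per incident, never a digest."""
    reports = []
    for inc in incidents:
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, recipient
        msg["Subject"] = f"{TAG} {inc['type']} from {inc['source_ip']}"
        # Machine-parsable body: one "key: value" pair per line (assumed layout).
        msg.set_content("".join(f"{k}: {inc[k]}\n" for k in ("type", "source_ip", "timestamp")))
        # Evidence the recipient can act on: the full spam with headers, or the logs.
        msg.add_attachment(inc["evidence"], subtype="plain", filename="evidence.txt")
        reports.append(msg)
    return reports

def parse_report(raw):
    """Receiver side: recover fields and evidence without a human reading the mail."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not (msg["Subject"] or "").startswith(TAG):
        return None  # untagged mail goes to normal handling
    body = msg.get_body(preferencelist=("plain",)).get_content()
    fields = dict(line.split(": ", 1) for line in body.splitlines() if ": " in line)
    fields["evidence"] = next(msg.iter_attachments()).get_content()
    return fields

def volume_by_source(raw_reports):
    """Because each mail is one incident, volume per source is a simple count."""
    parsed = (parse_report(raw) for raw in raw_reports)
    return Counter(rec["source_ip"] for rec in parsed if rec)

if __name__ == "__main__":
    mails = build_reports(SAMPLE, "reports@example.org", "abuse@example.net")
    print(volume_by_source(m.as_bytes() for m in mails))
```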