|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: adviCe on network security report
[In the message entitled "Re: adviCe on network security report" on Nov 2, 8:54, "J. Oquendo" writes:] > > Out of curiousity (and I doubt many will respond publicly to this) how many > people have had success versus failure when dealing with abuse issues. I'm > thinking for every answered message sent to abuse (non autoresponder), one > will likely see more than 7-10 failures. Failures include an autoresponse, > nothing ever done, no response ever returned, a response returned a quarter of > a century later... > I did a study on this a few years ago. I sent out about 20,000 abuse reports, all by hand, to various network around the world. They all came from this email address, and were clearly identified as non-robotic, personal messages. There were "many" bounces. Less that 5% received any response. Less than 1% received any action within 30 days. With apologies to Sean, I know that ISP abuse desks are overworked, and under-empowered. *MANY* of the abuse desks today use spam content filters (!) on their abuse desks, which certainly cut down on the number of spam reports they get! However, this is an unacceptable way to run, in my personal opinion. Part of the problem is scale. The industry has not given ISPs the tools to deal with masses of end user computers. The vast majority of the problems today are compromised end-user computers. Many ISPs are unaware, even at the abuse desk level, of the number of compromised computers on their networks. Some ISPs, the exception rather than the norm, do take an active role in monitoring their networks, and alerting customers to unusual behavior. Typically, this is done with custom applications, usually written in-house. And yes, the company I work for is working on solutions for this. --
|