North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: adviCe on network security report

  • From: Robert Boyle
  • Date: Thu Nov 02 20:18:00 2006

At 05:09 PM 11/2/2006, [email protected] (Dave Rand) wrote:
Over the last few years, I have worked with many ISPs.  The majority of the
problems had little to do with the format/style/volume of abuse complaints,
and a lot to do with empowering the abuse desks to take action.  "you
suck" was not an enabling message :-)
I don't know about other ISP networks because I am only responsible for one, but we find the huge volume of garbage/bogus/automated abuse messages makes it difficult to find the real abuse issues which we need to address. A customer who may forwarding all their email including spam to their /bigcommericalisp/ account which is then tagged as spam by the same user when it arrives at their account and then bounced to [email protected] doesn't constitute a valid abuse complaint in my mind. An ICMP echo packet received by some random idiot online running some broken and poorly designed "firewall" software which says he is being attacked by one of our customers does not merit an abuse report or response. However, an infected box on our network or a customer with an open smtp relay or an owned box on one of our client's transit connections from us does merit a reaction and as quickly as possible to limit the damage they can inflict on the rest of the community and likewise from a selfish standpoint - based on the retaliation which may be directed back at us. We try to be good neighbors, but all the garbage we receive makes it difficult to be as responsive as I would like. We have our dialup support folks check through the abuse box and forward anything which falls into the interested bucket to our NOC team. However, it simply doesn't make financial sense to have a full time person or people checking through the abuse box. When something is a real problem and the person on the other end needs a quick response, they can call us or check ARIN for netblock contact info. The addresses and numbers listed there will go straight to someone who can help. I wish abuse was used as intended instead of my every idiot programmer and script writer for their own "helpful" stuff we never asked for nor does it help us at all nor does it help the users.

-Robert



Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin