North American Network Operators Group


Re: NANOG 44 (Los Angeles): ISP Security BOF

  • From: Sean Donelan
  • Date: Sat Oct 04 16:32:08 2008

On Fri, 3 Oct 2008, Christopher Morrow wrote:
> relevant information in a useful format about abuse/use of their
> downstream networks. When I was at AS701 there were consistently folks
> who'd say this or that customer is obviously bad, why hadn't we
> disconnected them? When looking through abuse tickets for issues we
> could bring to management as ammo for disconnection often a majority
> of complaints related to the customer in question were not complete,
> didn't have enough information, didn't have ANY information in them.
>
> How can we, as a community, get better at providing complete and useful
> information (ip, timestamp+timezone, act-that-caused-ire)?
> How can we, as a community, get better at tying together the bits and
> pieces that are one issue? (atrivo/intercage/ukrtelecom/hostfresh)

Is it that time of the year again for our annual discussion?


There is a large crowd of motivated people, but often they don't seem
to know how to put together everything they've done into an actionable
package. They get frustrated, and it usually declines into the "ISPs
suck" debate. Even security vendors selling things don't understand what
is needed to quickly process abuse complaints (e.g. many examples from
useless logs generated by IDS/personal firewalls).

Would some current (or former, since the lawyers get a bit antsy) abuse
desk folks from ISPs like to talk about putting together a training
session about how to build and present an effective network abuse case
to an ISP/LEA?