North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: NANOG 44 (Los Angeles): ISP Security BOF

  • From: Sean Donelan
  • Date: Sat Oct 04 16:32:08 2008

On Fri, 3 Oct 2008, Christopher Morrow wrote:
relevant information in a useful format about abuse/use of their
downstream networks. When I was at AS701 there were consistently folks
who'd say this or that customer is obviously bad, why hadn't we
disconnected them? When looking through abuse tickets for issues we
could bring to management as ammo for disconnection often a majority
of complaints related to the customer in question were not complete,
didn't have enough information, didn't have ANY information in them.

How can we, as a community get better at providing complete and useful
information (ip, timestamp+timezone, act-that-caused-ire)
How can we, as a community, get better at tying together the bits and
pieces that are one issue? (atrivo/intercage/ukrtelecom/hostfresh)

Is it that time of the year again for our annual discussion?

There is a large crowd of motivated people, but often they don't seem
to know how to put together everything they've down into an actionable
package.  They get frustrated, and it usually declines into the ISP's
suck debate. Even security vendors selling things don't understand what
is needed to quickly process abuse complaints (e.g. many examples from
useless logs generated by IDS/personal firewalls).

Would some current (or former, since the lawyers get a bit antsy) abuse desk folks from ISPs like to talk about putting together a training session about how to build and present an effective network abuse case
to an ISP/LEA?