[191213] in North American Network Operators' Group
Re: Handling of Abuse Complaints
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Mon Aug 29 12:37:41 2016
X-Original-To: nanog@nanog.org
From: Paul Ferguson <fergdawgster@mykolab.com>
In-Reply-To: <a9c166a30a424f88921657a16339d363@Warner1202.warner.local>
Date: Mon, 29 Aug 2016 09:37:28 -0700
To: Gareth Tupper <Gareth.Tupper@warnerpacific.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_60826A60-D58C-4F61-9C42-2BF5B4BF35B7
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
I would suggest that violation of the ISP=E2=80=99s ToS should also be =
consideration, since what may be illegal in one jurisdiction may not be =
illegal in some other jurisdictions.
Repeated abuse and violations of an ISP=E2=80=99s ToS should also be a =
consideration to terminate a customer relationship, and ISPs are fully =
within their rights to take this type of action.
- ferg
> On Aug 29, 2016, at 9:31 AM, Gareth Tupper =
<Gareth.Tupper@warnerpacific.com> wrote:
>=20
> "unlawfully" is probably redundant, unless these are otherwise =
law-abiding cyber criminals.
>=20
> /pedant
>=20
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of William =
Herrin
> Sent: Monday, August 29, 2016 9:28 AM
> To: Jason Lee <jason.m.lee@gmail.com>
> Cc: nanog@nanog.org
> Subject: Re: Handling of Abuse Complaints
>=20
> Dear Customer,
>=20
> Cyber criminals are using your network (and ours) to unlawfully attack =
other computers on the Internet.
>=20
> The specific security problem with your DNS server at 127.0.0.1 was =
first reported to you on Date1 (original message attached). Please be =
advised that we will interrupt network access to that server on Date2.
> This will likely disrupt your service.
>=20
> To avoid disruption, please contact me at Email with a mitigation plan =
no later than close of business Date3.
>=20
> I stand ready to assist any way that I can.
>=20
> Regards,
> Your Name
>=20
>=20
>=20
>=20
>=20
> On Mon, Aug 29, 2016 at 11:55 AM, Jason Lee <jason.m.lee@gmail.com> =
wrote:
>> NANOG Community,
>>=20
>> I was curious how various players in this industry handle abuse =
complaints.
>> I'm drafting a policy for the service provider I'm working for about
>> handing of complaints registered against customer IP space. In this
>> example I have a customer who is running an open resolver and have
>> received a few complaints now regarding it being used as part of a =
DDoS attack.
>>=20
>> My initial response was to inform the customer and ask them to fix =
it.
>> Now that its still ongoing over a month later, I'd like to take =
action
>> to remediate the issue myself with ACLs but our customer facing team
>> is pushing back and without an idea of what the industry best =
practice
>> is, management isn't sure which way to go.
>>=20
>> I'm hoping to get an idea of how others handle these cases so I can
>> develop our formal policy on this and have management sign off and be
>> able to take quicker action in the future.
>>=20
>> Thanks,
>>=20
>> Jason
>=20
>=20
>=20
> --
> William Herrin ................ herrin@dirtside.com bill@herrin.us =
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
>=20
>=20
> This electronic mail transmission contains information from Warner =
Pacific Insurance Services that may be confidential or privileged. Such =
information is solely for the intended recipient, and use by any other =
party is not authorized. If you are not the intended recipient, be aware =
that any disclosure, copying, distribution or use of this message, its =
contents or any attachments is prohibited. Any wrongful interception of =
this message is punishable as a Federal Crime. If you have received this =
message in error, please notify the sender immediately by telephone =
(800) 801-2300 or by electronic mail at postmaster@warnerpacific.com.
=E2=80=94
Paul Ferguson
ICEBRG.io
Seattle, Washington, USA
--Apple-Mail=_60826A60-D58C-4F61-9C42-2BF5B4BF35B7
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iF4EAREKAAYFAlfEZMsACgkQKJasdVTchbIKZQD9EKSdcBVIDNve8Pp8YVrTyw0g
VKAqYgICLOd2ccD+4k0A/AyFEf5SjFtxvtFHRSW+h0R1l9FPuFl5u8fikBxQkT0b
=qvvy
-----END PGP SIGNATURE-----
--Apple-Mail=_60826A60-D58C-4F61-9C42-2BF5B4BF35B7--
