[54735] in North American Network Operators' Group
Re: Scaled Back Cybersecuruty
daemon@ATHENA.MIT.EDU (Bryan Bradsby)
Tue Jan 14 16:20:03 2003
Date: Tue, 14 Jan 2003 15:17:43 -0600 (CST)
From: Bryan Bradsby <Bryan.Bradsby@capnet.state.tx.us>
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: Paul Vixie <vixie@vix.com>, <nanog@merit.edu>
In-Reply-To: <Pine.GSO.4.33.0301141925090.17261-100000@rampart.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu
> One problem with notifications typically (that I've seen) is that there is
> no one to notify...
We tried notifications to the netblock owner for every incident that
exceeded a reasonable threshold. [1]
It takes a lot of time to find netblock owners. Even after investing
self to try to make the net a better place, the satisfactory response rate
is very small.
> there may be an email address, but most likely that's not even
> watched/read/responded-to/reacted-upon.
ditto.
> recieve less than 1 in 3K responses :(
We may not have time to answer each of the mechanized notifications, but
we process and respond to each incident. If only every ISP did at least
that.
> To start fixing this problem every ISP really needs some security folks
> dedicated to customer security issues...
I am the point of contact for the net in the sig below. We take all
network abuse notifications seriously, and follow up with our customers.
I am not hard to find.
whois -h whois.arin.net bb122-arin
> Hopefully, once there are security folks at all ISP's the ISP's will be
> able to speak intelligently and civily to each other to cooperate and
> contain problems.
Amen.
At your service,
-bryan bradsby
Texas State Government Net
me: 512-936-2248
NOC: 512-475-2432 877-472-4848
--
If all the world's a stage, I want to operate the trap door.
-- Paul Beatty
[1] (see: "Firewall Seen" by Robert Graham)
http://www.robertgraham.com/pubs/firewall-seen.html
