[67324] in North American Network Operators' Group
abusereporting (was Re: Monumentous task of making a list)
daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Sun Feb 8 04:43:49 2004
Date: Sun, 8 Feb 2004 10:43:11 +0100 (CET)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: nanog@merit.edu
In-Reply-To: <4025E4F5.6070507@outblaze.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, 8 Feb 2004, Suresh Ramasubramanian wrote:
> The problem with trojans etc is that there are so damn many of them, so the
> less time spent actually tracking down the user who was on IP X at time
> Y, the better it is for the ISP's staffers who handle complaints about
> these.
I have asked about this before. Wouldn't it be very nice if there was a
standardized way to report IP-number and timestamp and type of complaint?
I've seen something produced by some workgroup (RIPE?) but that was a huge
document about XML and it seemed non-trivial to implement. I was more into
the idea of having basically email headers like:
X-ABUSEREPORT-IP: <ip>
X-ABUSEREPORT-DATE: <unix timestamp>
X-ABUSEREPORT-TYPE: <spam|abuse|ddos|other>
This should make it trivial for most automated tools to append this
(spambouncer etc) and make it much easier for the abuse system to do a
user lookup before presenting the abuse email to the handler, even
providing the user email address so the handler can take action.
--
Mikael Abrahamsson email: swmike@swm.pp.se
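
Added example, not part of the original post: a sketch of the abuse-desk side of the proposal above, which reads the three X-ABUSEREPORT headers, validates them (they are supplied by the reporter, so they are treated as untrusted input) and looks up which account held the IP at that time. The lease table, the account names, the sample message and the function names are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timezone
from email import message_from_string

ALLOWED_TYPES = {"spam", "abuse", "ddos", "other"}  # values from the proposal

# Constructed lease log (assumption): ip, lease start, lease end, account.
LEASES = [
    ("192.0.2.10", 1076200000, 1076230000, "cust-1001"),
    ("192.0.2.10", 1076230001, 1076260000, "cust-2002"),
]

# Constructed sample complaint carrying the three proposed headers.
SAMPLE = """\
From: reporter@example.net
X-ABUSEREPORT-IP: 192.0.2.10
X-ABUSEREPORT-DATE: 1076233391
X-ABUSEREPORT-TYPE: spam

Full headers of the offending message follow.
"""

def parse_report(raw):
    """Return (ip, unix_ts, type), or None if a header is missing or malformed."""
    msg = message_from_string(raw)
    try:
        ip = ipaddress.ip_address(msg["X-ABUSEREPORT-IP"].strip())
        ts = int(msg["X-ABUSEREPORT-DATE"].strip())
        kind = msg["X-ABUSEREPORT-TYPE"].strip().lower()
    except (AttributeError, ValueError):  # header absent, or bad IP/timestamp
        return None
    if kind not in ALLOWED_TYPES or not 0 <= ts < 2**32:
        return None
    return str(ip), ts, kind

def lookup_account(ip, ts, leases=LEASES):
    # Return the account that held `ip` at Unix time `ts`, or None.
    for lease_ip, start, end, account in leases:
        if lease_ip == ip and start <= ts <= end:
            return account
    return None

def triage(raw):
    """Build the record shown to the abuse handler; None means manual review."""
    report = parse_report(raw)
    if report is None:
        return None
    ip, ts, kind = report
    when = datetime.fromtimestamp(ts, timezone.utc).isoformat()
    return {"ip": ip, "time": when, "type": kind, "account": lookup_account(ip, ts)}
```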