[88391] in North American Network Operators' Group
Re: Yahoo, Google, Microsoft contact?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Fri Feb 3 14:37:16 2006
Date: Fri, 03 Feb 2006 19:32:04 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@verizonbusiness.com>
In-reply-to: <20060203191325.E04A.RICHARD@mandarin.com>
To: Richard Cox <Richard@mandarin.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Fri, 3 Feb 2006, Richard Cox wrote:
>
> On Fri, 03 Feb 2006 12:42:04 -0500
> Martin Hannigan <hannigan@renesys.com> wrote:
>
> > I'd like to see evidence that there is a problem. For example, don't
> > see why these worm lists couldn't have just gone to the abuse address.
>
> Of course that's the right answer. IN THEORY. The practice is rather
> different, and that's WHY the need for some direct contact exists.
>
> I followed through with two large UK ISPs, who had both had the list of
> worm IPs sent to their official abuse address. In neither case had the
> mail been read or passed on. A copy to their security specialists was
> appreciated, and resulted in much hurried activity. No, I'm not going
> to identify who they were; there probably would have been many more ISPs
> in that position if I'd looked further.
you are surprised that a URL in email with little useful explanation was
passed over by their ticketting system? Direct access works for small
cases, or important high value targets... Abusing that with a big list, or
massive oversubscription will just cause it to fail.
If you have a large scale problem, use the accepted large scale problem
bucket: abuse@ don't find some lonely person who spends their personal
time to help you on individual cases or high priority items to abuse with
this... 'use the right tool for the job'.
