[97501] in North American Network Operators' Group
Re: Quarantining infected hosts (Was: FBI tells the public to call
daemon@ATHENA.MIT.EDU (Sean Donelan)
Mon Jun 18 11:30:25 2007
Date: Mon, 18 Jun 2007 11:25:47 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: nanog@nanog.org
In-Reply-To: <bb0e440a0706180822g4f0dd85ax59d65afe33c8fe7a@mail.gmail.com>
Errors-To: owner-nanog@merit.edu
On Mon, 18 Jun 2007, Suresh Ramasubramanian wrote:
>> The best answer is probably paying for a strong ISP abuse team. But for
>> whatever reasons, some ISPs prefer to invest in other areas.
>
> Bah. Not to underrate having a strong and clued abuse team. However,
> throwing more people at this is a non starter. You need to automate.
Automation is a non-starter unless you have people to deal with the
exceptions. If you don't deal with exceptions, eventually problems with
any automated system will overwhelm you. You can only hid behind IVR
recordings "You call is very important to us" for so long.
