On Sat, Nov 8, 2014 at 2:00 AM, Roland Dobbins <rdobb...@arbor.net> wrote: > > On 8 Nov 2014, at 1:56, srn.na...@prgmr.com wrote: > >> But right now how should we be doing it? > > <http://www.team-cymru.org/Services/ip-to-asn.html>
Once you get the ASN or at least the domain name of the ISP providing service to the reflecting host, several major reputable ISPs (including my employer, who I can't name because I'm not an official spokesperson) will welcome RFC 5070 "IODEF" reports for general network abuse and RFC 5965 "MARF" format for email abuse, directed to abuse@ the main domain for that ISP. http://www.ietf.org/rfc/rfc5070.txt http://www.ietf.org/rfc/rfc5965.txt -- Paul W Bennett