William Herrin wrote:
On Tue, Apr 15, 2008 at 8:49 PM, Martin Hannigan [EMAIL PROTECTED] wrote:
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Martin,
So is marketing, yet marketing does have an impact on revenue.
It can be useful to explain the abuse desk as
So how do the little guys play in this sandbox?
3rd-party aggregation. Where do RBLs get there data?
They act as a 3rd party to aggregate data from many others.
- It needs to be simple to use. Web forms are a non-starter.
If you have the ability to accept reports via an HTTP REST
On Tue, Apr 15, 2008 at 08:49:39PM -0400, Martin Hannigan wrote:
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Two points, the first of which is addressed to this and the second
of which is more of a recommended attitude.
1. There is no doubt that many operations
On Wed, Apr 16, 2008 at 11:07:42AM +0100, [EMAIL PROTECTED] wrote:
If people had succeeded in cleaning up the abuse problems in 1995
when the human touch was still feasible, we would not have the
situation that we have today. Automation is the only way to address
the flood of abuse email, the
: Abuse response [Was: RE: Yahoo Mail Update]
So how do the little guys play in this sandbox?
3rd-party aggregation. Where do RBLs get there data?
They act as a 3rd party to aggregate data from many others.
snip
Consider this. Any single point source of abuse, say a single broadband
PC in a botnet
On Wed, 16 Apr 2008 00:38:33 CDT, Chris Boyd said:
- I'd like to see an actual response beyond an autoreply saying that you
can't tell me who the customer is or what actions were taken.
Well, let's see. If you're reporting abuse coming from my AS, it's almost
certainly one of 2 things:
1)
On Tue, Apr 15, 2008 at 8:49 PM, Martin Hannigan [EMAIL PROTECTED] wrote:
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Martin,
So is marketing, yet marketing does have an impact on revenue.
It can be useful to explain the abuse desk as being just another form
of
It can be useful to explain the abuse desk as being just another form
of marketing, another form of reputation management that happens to be
specific to Internet companies.
Is it? I mean, I may know that (a hypothetical) example.com is a
pink-contract-signing batch of incompetents who spew
On Wednesday 16 April 2008 17:47, Dave Pooser wrote:
It can be useful to explain the abuse desk as being just another form
of marketing, another form of reputation management that happens to be
specific to Internet companies.
Is it?
.. SNIP good points about abuse desks ..
In the
Dave Pooser wrote:
Handling the abuse desk well (or poorly) builds (or damages) the brand.
...among people who are educated among such things. Unfortunately, people
with clue are orders of magnitude short of a majority, and the rest of the
world (ie: potential customers) wouldn't know an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- [EMAIL PROTECTED] wrote:
So what sort of response did you actually *want*?
Actually, I'm more concerned with alerting you that someone
inserted a nasty .js or iFrame on one of your websites and I'd
like to you to clean it up, thanks. ;-)
I'm
On 16 Apr 2008, at 13:33 , Simon Waters wrote:
Ask anyone in the business if I want a free email account who do I
use.. and
you'll get the almost universal answer Gmail.
I think amongst those not in the business there are regional trends,
however. Around this neck of the woods (for some
Subject: Re: Abuse response [Was: RE: Yahoo Mail Update]
From: [EMAIL PROTECTED]
Date: Wed, 16 Apr 2008 12:02:02 -0400
On Wed, 16 Apr 2008 00:38:33 CDT, Chris Boyd said:
- I'd like to see an actual response beyond an autoreply saying that you
can't tell me who the customer is or what
On Wed, Apr 16, 2008 at 03:39:05PM -0400, Joe Abley wrote:
On 16 Apr 2008, at 13:33 , Simon Waters wrote:
Ask anyone in the business if I want a free email account who do I
use.. and you'll get the almost universal answer Gmail.
I think amongst those not in the business there are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:
If you send reports with lots of legal boilerplate, or reports with
long lectures on why you expect an INSTANT TAKEDOWN, and send them to
a busy abuse queue, there is no way - and zero reason -
On Tue, Apr 15, 2008 at 11:04 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
In fact, we have done just that -- develop a standard boilerplate
very similar to what PIRT uses in its notification(s) to the
stakeholders in phishing incidents.
The boilerplate is no damned use. PIRT - and you -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:
Do ARF, do IODEF etc. You will find it much easier for abuse desks
that care to process your reports. You will also find it easier to
feed these into nationwide incident response / alert systems
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:
Do ARF, do IODEF etc. You will find it much easier for abuse desks
that care to process your reports. You will also find it easier to
feed these into nationwide incident response / alert systems
On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
Really.
How many people are actually doing IODEF?
http://www.terena.org/activities/tf-csirt/iodef/
AISI - for example - and AISI feeds the top 25 australian ISPs - takes
IODEF as an input
And MAAWG does ARF, quite
do you remember the days when some of us would only take routing table
updates
from andrew partan, because we trusted him?
that's what it's like now wrt takedowns.
do not minimize the use of malicious takedowns by twits and bad guys,
who fabricate a report
of misfeasance to get their
On Tue, Apr 15, 2008 at 12:31:33PM +0530, Suresh Ramasubramanian wrote:
On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
[snip]
It should be simple -- not require a freeking full-blown standard.
Its a standard. And it allows automated parsing of these complaints.
I largely concur with the points that Paul's making, and would
like to augment them with these:
- Automation is far less important than clue. Attempting to compensate
for lack of a sufficient number of sufficiently-intelligent, experienced,
diligent staff with automation is a known-losing
On Tue, Apr 15, 2008 at 8:34 AM, Rich Kulawiec [EMAIL PROTECTED] wrote:
- Automation is far less important than clue. Attempting to compensate
for lack of a sufficient number of sufficiently-intelligent, experienced,
diligent staff with automation is a known-losing strategy, as anyone who
On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
On Tue, Apr 15, 2008 at 8:34 AM, Rich Kulawiec [EMAIL PROTECTED] wrote:
- Automation is far less important than clue. Attempting to
compensate
for lack of a sufficient number of sufficiently-intelligent,
experienced,
diligent staff with
On Tue, Apr 15, 2008 at 10:00 AM, Marshall Eubanks
[EMAIL PROTECTED] wrote:
On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
That is one place that modern antispam efforts fall apart. It's the
same problem that afflicts tech support in general. The problem exists
for the same reason
On Apr 15, 2008, at 10:31 AM, William Herrin wrote:
On Tue, Apr 15, 2008 at 10:00 AM, Marshall Eubanks
[EMAIL PROTECTED] wrote:
On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
That is one place that modern antispam efforts fall apart. It's the
same problem that afflicts tech support in
On Tue, Apr 15, 2008 at 10:55 AM, Marshall Eubanks
[EMAIL PROTECTED] wrote:
On Apr 15, 2008, at 10:31 AM, William Herrin wrote:
how do you propose to motivate qualified folks to keep
working the abuse desk?
That is a good question. (I feel sure that many actually doing the job
would opt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Joe Provo [EMAIL PROTECTED] wrote:
It cannot be understated that even packet pushers and code grinders
who care get stranded in companies where abuse handling is deemed
by management to be a cost center that only saps resources. Paul,
you
William Herrin wrote:
Without conceding the garbage collection issue, let me ask you
directly: how do you propose to motivate qualified folks to keep
working the abuse desk?
Ask AOL?
-Jack
On Tue, Apr 15, 2008 at 11:22:59AM -0400, William Herrin wrote:
There's a novel idea. Require incoming senior staff at an email
company to work a month at the abuse desk before they can assume the
duties for which they were hired.
My hunch says that's a non-starter. It also doesn't keep
On Apr 15, 2008, at 10:33 AM, Rich Kulawiec wrote:
On Tue, Apr 15, 2008 at 11:22:59AM -0400, William Herrin wrote:
There's a novel idea. Require incoming senior staff at an email
company to work a month at the abuse desk before they can assume the
duties for which they were hired.
My hunch
On Tue, Apr 15, 2008 at 10:56:02AM +0530, Suresh Ramasubramanian wrote:
On Tue, Apr 15, 2008 at 10:16 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
As I mentioned in my presentation at NANOG 42 in San Jose, the
biggest barrier we face in shrinking the time-to-exploit window
with regards
On Tue, Apr 15, 2008 at 2:04 PM, Steve Atkins [EMAIL PROTECTED] wrote:
Unfortunately many of the skills required to be a competent abuse desk
worker are quite specific to an abuse desk, and are not typically possessed
by random technical staff.
Steve,
You don't, per chance, mean to
On Apr 15, 2008, at 11:54 AM, William Herrin wrote:
On Tue, Apr 15, 2008 at 2:04 PM, Steve Atkins [EMAIL PROTECTED]
wrote:
Unfortunately many of the skills required to be a competent abuse
desk
worker are quite specific to an abuse desk, and are not typically
possessed
by random
So, to bring this closer to nanog territory, it's a bit like
saying that all the sales and customer support staff should
be given enable access to your routers and encouraged to run
them on a rotating basis, so that they understand the
complexities of BGP and will better understand the
On 15 Apr 2008, at 11:22 , William Herrin wrote:
There's a novel idea. Require incoming senior staff at an email
company to work a month at the abuse desk before they can assume the
duties for which they were hired.
At a long-previous employer we once toyed with the idea of having
On Tue, 15 Apr 2008 19:14:52 EDT, Joe Abley said:
The downside to such a plan from the customer's perspective is that
I'm pretty sure most of us would have been really bad helpdesk people.
There's a lot of skill in dealing with end-users that is rarely
reflected in the org chart or pay
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Some of the folks that are complaining about abuse response generate
revenue addressing these issues. Give me some of that. I'll give you
a priority line to the NOC.
Disclaimer; No offense intended to security
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
They're too busy spamming and phishing to respond to abuse reports?
brandon
On Tue, 2008-04-15 at 10:56 +0530, Suresh Ramasubramanian wrote:
If you have high enough numbers of the stuff to report, do what large
ISPs do among themselves, set up and offer an ARF'd / IODEF feedback
loop or some other automated way to send complaints, that is machine
parseable, and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Paul Ferguson [EMAIL PROTECTED] wrote:
Mow, this has no bearing on the original subject (which I have now
forgotten what it is -- oh yeah, something about Yahoo! mail), but
it should be additional proof that the Bad Guys know how to
manipulate
On Tue, Apr 15, 2008 at 10:16 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
As I mentioned in my presentation at NANOG 42 in San Jose, the
biggest barrier we face in shrinking the time-to-exploit window
with regards to contacting people responsible for assisting in
mitigating malicious
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:
If you send reports with lots of legal boilerplate, or reports with
long lectures on why you expect an INSTANT TAKEDOWN, and send them to
a busy abuse queue, there is no way - and zero reason -
43 matches
Mail list logo
