Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Paul Ferguson
Suresh Ramasubramanian [EMAIL PROTECTED] wrote: If you send reports with lots of legal boilerplate, or reports with long lectures on why you expect an INSTANT TAKEDOWN, and send them to a busy abuse queue, there is no way - and zero reason -

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Suresh Ramasubramanian
On Tue, Apr 15, 2008 at 11:04 AM, Paul Ferguson [EMAIL PROTECTED] wrote: In fact, we have done just that -- develop a standard boilerplate very similar to what PIRT uses in its notification(s) to the stakeholders in phishing incidents. The boilerplate is no damned use. PIRT - and you -

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Paul Ferguson
Suresh Ramasubramanian [EMAIL PROTECTED] wrote: Do ARF, do IODEF etc. You will find it much easier for abuse desks that care to process your reports. You will also find it easier to feed these into nationwide incident response / alert systems

Re: enterprise change/configuration management and compliance software?

2008-04-15 Thread Phil Regnauld
jamie (j) writes: ` device, and by 'device' i mean router and/or switch) configuration management (and (ideally) compliance-auditing_and_assurance) software. We currently use Voyence (now EMC) and are looking into other options for various reasons, support being in the top-3 ...

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Suresh Ramasubramanian
On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson [EMAIL PROTECTED] wrote: Really. How many people are actually doing IODEF? http://www.terena.org/activities/tf-csirt/iodef/ AISI - for example - and AISI feeds the top 25 Australian ISPs - takes IODEF as an input And MAAWG does ARF, quite

RE: Abuse response

2008-04-15 Thread michael.dillon
The boilerplate is no damned use. PIRT - and you - should be focusing on feedback loops, and that would practically guarantee instant takedown, especially when the notification is sent by trusted parties. Again, our success rate is somewhere in the 50% neighborhood. With the

Re: Yahoo Mail Update

2008-04-15 Thread JC Dill
Frank Bulk - iNAME wrote: Yes, internet service providers and operators don't need to listen, but I can't see how Yahoo's e-mail and abuse handling history arises out of good business decisions. How would Yahoo benefit from better staffing of their abuse desk? What do they gain, besides

Re: enterprise change/configuration management and compliance software?

2008-04-15 Thread Peter Dambier
Well, at Exodus we started talking about IASON. In the long run everybody was afraid of IASON. They dared not work on it. Later I developed some bits and parts. When we changed hardware in a small company (200 PCs, 20 servers 5 HP Procurve switches and two routers) IASON would discover the

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread mark seiden-via mac
do you remember the days when some of us would only take routing table updates from andrew partan, because we trusted him? that's what it's like now wrt takedowns. do not minimize the use of malicious takedowns by twits and bad guys, who fabricate a report of misfeasance to get their

Calling TeliaSonera - time to implement prefix filtering

2008-04-15 Thread sthaug
We're currently receiving the following prefix from TeliaSonera on one of our IP transit links in Oslo: 62.0.0.0/8 *[BGP/170] 4d 22:23:07, localpref 100 AS path: 1299 29049 I AS 29049 is: aut-num:AS29049 as-name:Delta-Telecom-AS descr:

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Joe Provo
On Tue, Apr 15, 2008 at 12:31:33PM +0530, Suresh Ramasubramanian wrote: On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson [EMAIL PROTECTED] wrote: [snip] It should be simple -- not require a freeking full-blown standard. It's a standard. And it allows automated parsing of these complaints.

RE: Calling TeliaSonera - time to implement prefix filtering

2008-04-15 Thread michael.dillon
We're currently receiving the following prefix from TeliaSonera on one of our IP transit links in Oslo: aut-num:AS29049 as-name:Delta-Telecom-AS descr: Delta Telecom LTD. descr: International Communication Operator descr: Azerbaijan Republic

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Rich Kulawiec
I largely concur with the points that Paul's making, and would like to augment them with these: - Automation is far less important than clue. Attempting to compensate for lack of a sufficient number of sufficiently-intelligent, experienced, diligent staff with automation is a known-losing

Re: Calling TeliaSonera - time to implement prefix filtering

2008-04-15 Thread James Blessing
[EMAIL PROTECTED] wrote: We're currently receiving the following prefix from TeliaSonera on one of our IP transit links in Oslo: aut-num:AS29049 as-name:Delta-Telecom-AS descr: Delta Telecom LTD. descr: International Communication Operator descr:

RE: Abuse response

2008-04-15 Thread michael.dillon
- Automation is far less important than clue. Attempting to compensate for lack of a sufficient number of sufficiently-intelligent, experienced, diligent staff with automation is a known-losing strategy, as anyone who has ever dealt with an IVR system knows. Given that most of us use

Re: enterprise change/configuration management and compliance software?

2008-04-15 Thread jamie
On Tue, Apr 15, 2008 at 2:31 AM, Phil Regnauld [EMAIL PROTECTED] wrote: jamie (j) writes: ` device, and by 'device' i mean router and/or switch) configuration management (and (ideally) compliance-auditing_and_assurance) software. We currently use Voyence (now EMC) and are looking

Re: Calling TeliaSonera - time to implement prefix filtering

2008-04-15 Thread sthaug
I think he was saying that Delta Telecom don't *own* 62.0.0.0/8 and therefore shouldn't be advertising it. Following that Telia shouldn't be accepting the route and then re-announcing it to peers ... Exactly. Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread William Herrin
On Tue, Apr 15, 2008 at 8:34 AM, Rich Kulawiec [EMAIL PROTECTED] wrote: - Automation is far less important than clue. Attempting to compensate for lack of a sufficient number of sufficiently-intelligent, experienced, diligent staff with automation is a known-losing strategy, as anyone who

RE: Calling TeliaSonera - time to implement prefix filtering

2008-04-15 Thread michael.dillon
aut-num:AS29049 and *of course* they don't own 62.0.0.0/8. Own!? I think he was saying that Delta Telecom don't *own* 62.0.0.0/8 and therefore shouldn't be advertising it. Following that Telia shouldn't be accepting the route and then re-announcing it to peers ... Of

Re: Abuse response

2008-04-15 Thread Rich Kulawiec
On Tue, Apr 15, 2008 at 02:01:26PM +0100, [EMAIL PROTECTED] wrote: - Automation is far less important than clue. Attempting to compensate for lack of a sufficient number of sufficiently-intelligent, experienced, diligent staff with automation is a known-losing strategy, as anyone who

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Marshall Eubanks
On Apr 15, 2008, at 9:43 AM, William Herrin wrote: On Tue, Apr 15, 2008 at 8:34 AM, Rich Kulawiec [EMAIL PROTECTED] wrote: - Automation is far less important than clue. Attempting to compensate for lack of a sufficient number of sufficiently-intelligent, experienced, diligent staff with

Re: Abuse Reporting (non-SMTP Abuse)

2008-04-15 Thread Jim Popovitch
On Tue, Apr 15, 2008 at 3:39 AM, [EMAIL PROTECTED] wrote: http://xml.coverpages.org/iodef.html SO, is it generally accepted to use IODEF to report non-SMTP abuse (web/port scans, etc)? Everyone seems to be on the SMTP bandwagon this week, what about the miscreant customers of Internet

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread William Herrin
On Tue, Apr 15, 2008 at 10:00 AM, Marshall Eubanks [EMAIL PROTECTED] wrote: On Apr 15, 2008, at 9:43 AM, William Herrin wrote: That is one place that modern antispam efforts fall apart. It's the same problem that afflicts tech support in general. The problem exists for the same reason

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Marshall Eubanks
On Apr 15, 2008, at 10:31 AM, William Herrin wrote: On Tue, Apr 15, 2008 at 10:00 AM, Marshall Eubanks [EMAIL PROTECTED] wrote: On Apr 15, 2008, at 9:43 AM, William Herrin wrote: That is one place that modern antispam efforts fall apart. It's the same problem that afflicts tech support in

RE: Calling TeliaSonera - time to implement prefix filtering

2008-04-15 Thread Fred Reimer
But isn't this what nanog is for? It appears to be more on-topic than the email threads. More E than S. Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS Senior Network Engineer Coleman Technologies, Inc. 954-298-1697 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: enterprise change/configuration management and compliance software?

2008-04-15 Thread Fred Reimer
There are tons of products out there. You could try looking at Cisco Network Compliance Manager. It supposedly has built-in compliance rules for financial institutions (GLB, SOX, etc). If you want to pay, people will gladly take your money. Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS Senior

Re: Abuse Reporting (non-SMTP Abuse)

2008-04-15 Thread Steve Atkins
On Apr 15, 2008, at 7:31 AM, Jim Popovitch wrote: On Tue, Apr 15, 2008 at 3:39 AM, [EMAIL PROTECTED] wrote: http://xml.coverpages.org/iodef.html SO, is it generally accepted to use IODEF to report non-SMTP abuse (web/port scans, etc)? Probably not, unless you're sending it to someone

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread William Herrin
On Tue, Apr 15, 2008 at 10:55 AM, Marshall Eubanks [EMAIL PROTECTED] wrote: On Apr 15, 2008, at 10:31 AM, William Herrin wrote: how do you propose to motivate qualified folks to keep working the abuse desk? That is a good question. (I feel sure that many actually doing the job would opt

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Paul Ferguson
Joe Provo [EMAIL PROTECTED] wrote: It cannot be understated that even packet pushers and code grinders who care get stranded in companies where abuse handling is deemed by management to be a cost center that only saps resources. Paul, you

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Jack Bates
William Herrin wrote: Without conceding the garbage collection issue, let me ask you directly: how do you propose to motivate qualified folks to keep working the abuse desk? Ask AOL? -Jack

Re: Calling TeliaSonera - time to implement prefix filtering

2008-04-15 Thread Martin Hannigan
Yes, it is operational. Best, Marty On 4/15/08, Fred Reimer [EMAIL PROTECTED] wrote: But isn't this what nanog is for? It appears to be more on-topic than the email threads. More E than S. Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS Senior Network Engineer Coleman Technologies, Inc.

RE: enterprise change/configuration management and compliance software?

2008-04-15 Thread Yamasaki, Charles
Look into Ziptie.org We use Alterpoint's Network Authority. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of jamie Sent: Monday, April 14, 2008 9:13 PM To: nanog@merit.edu Subject: enterprise change/configuration management and compliance software? ` Gentlemen (and

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Rich Kulawiec
On Tue, Apr 15, 2008 at 11:22:59AM -0400, William Herrin wrote: There's a novel idea. Require incoming senior staff at an email company to work a month at the abuse desk before they can assume the duties for which they were hired. My hunch says that's a non-starter. It also doesn't keep

Re: Calling TeliaSonera - time to implement prefix filtering

2008-04-15 Thread sthaug
I think he was saying that Delta Telecom don't *own* 62.0.0.0/8 and therefore shouldn't be advertising it. Following that Telia shouldn't be accepting the route and then re-announcing it to peers ... Of course! ... /8? ... Azerbaijan? ... What was I thinking?... Still, it would

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Steve Atkins
On Apr 15, 2008, at 10:33 AM, Rich Kulawiec wrote: On Tue, Apr 15, 2008 at 11:22:59AM -0400, William Herrin wrote: There's a novel idea. Require incoming senior staff at an email company to work a month at the abuse desk before they can assume the duties for which they were hired. My hunch

ARIN to Issue from 173 /8 and 174 /8

2008-04-15 Thread Member Services
Hello- ARIN was issued the IPv4 address blocks 173 /8 and 174 /8 by the IANA on 4 February 2008. ARIN will be issuing /20 and shorter prefixes from these blocks to customers within the next 2 weeks. Network operators may wish to adjust any filters in place accordingly. For

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Lou Katz
On Tue, Apr 15, 2008 at 10:56:02AM +0530, Suresh Ramasubramanian wrote: On Tue, Apr 15, 2008 at 10:16 AM, Paul Ferguson [EMAIL PROTECTED] wrote: As I mentioned in my presentation at NANOG 42 in San Jose, the biggest barrier we face in shrinking the time-to-exploit window with regards

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread William Herrin
On Tue, Apr 15, 2008 at 2:04 PM, Steve Atkins [EMAIL PROTECTED] wrote: Unfortunately many of the skills required to be a competent abuse desk worker are quite specific to an abuse desk, and are not typically possessed by random technical staff. Steve, You don't, perchance, mean to

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Steve Atkins
On Apr 15, 2008, at 11:54 AM, William Herrin wrote: On Tue, Apr 15, 2008 at 2:04 PM, Steve Atkins [EMAIL PROTECTED] wrote: Unfortunately many of the skills required to be a competent abuse desk worker are quite specific to an abuse desk, and are not typically possessed by random

Re: enterprise change/configuration management and compliance software?

2008-04-15 Thread Matthew Petach
On Mon, Apr 14, 2008 at 9:13 PM, jamie [EMAIL PROTECTED] wrote: Gentlemen (and Ren!):;-) I'm currently investigating options w.r.t. enterprise-wide (over 250 device, and by 'device' i mean router and/or switch) configuration management (and (ideally)

RE: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread michael.dillon
So, to bring this closer to nanog territory, it's a bit like saying that all the sales and customer support staff should be given enable access to your routers and encouraged to run them on a rotating basis, so that they understand the complexities of BGP and will better understand the

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Joe Abley
On 15 Apr 2008, at 11:22 , William Herrin wrote: There's a novel idea. Require incoming senior staff at an email company to work a month at the abuse desk before they can assume the duties for which they were hired. At a long-previous employer we once toyed with the idea of having

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Valdis . Kletnieks
On Tue, 15 Apr 2008 19:14:52 EDT, Joe Abley said: The downside to such a plan from the customer's perspective is that I'm pretty sure most of us would have been really bad helpdesk people. There's a lot of skill in dealing with end-users that is rarely reflected in the org chart or pay

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Martin Hannigan
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is? Some of the folks that are complaining about abuse response generate revenue addressing these issues. Give me some of that. I'll give you a priority line to the NOC. Disclaimer; No offense intended to security

Re: Calling TeliaSonera - time to implement prefix filtering

2008-04-15 Thread Geoff Huston
Martin Hannigan wrote: Yes, it is operational. On 4/15/08, Fred Reimer [EMAIL PROTECTED] wrote: But isn't this what nanog is for? It appears to be more on-topic than the email threads. More E than S. As well as 62.0.0.0/8 there is 88.0.0.0/8 (originated by AS13064, with upstreams of

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Brandon Butterworth
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is? They're too busy spamming and phishing to respond to abuse reports? brandon

Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Chris Boyd
On Tue, 2008-04-15 at 10:56 +0530, Suresh Ramasubramanian wrote: If you have high enough numbers of the stuff to report, do what large ISPs do among themselves, set up and offer an ARF'd / IODEF feedback loop or some other automated way to send complaints, that is machine parseable, and