On Fri, 3 Feb 2006, Richard Cox wrote:
> > On Fri, 03 Feb 2006 12:42:04 -0500 > Martin Hannigan <[EMAIL PROTECTED]> wrote: > > > I'd like to see evidence that there is a problem. For example, don't > > see why these worm lists couldn't have just gone to the abuse address. > > Of course that's the right answer. IN THEORY. The practice is rather > different, and that's WHY the need for some direct contact exists. > > I followed through with two large UK ISPs, who had both had the list of > worm IPs sent to their official abuse address. In neither case had the > mail been read or passed on. A copy to their security specialists was > appreciated, and resulted in much hurried activity. No, I'm not going > to identify who they were; there probably would have been many more ISPs > in that position if I'd looked further. you are surprised that a URL in email with little useful explanation was passed over by their ticketting system? Direct access works for small cases, or important high value targets... Abusing that with a big list, or massive oversubscription will just cause it to fail. If you have a large scale problem, use the accepted large scale problem bucket: abuse@ don't find some lonely person who spends their personal time to help you on individual cases or high priority items to abuse with this... 'use the right tool for the job'.
