North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Q: What do ISPs really think about security issues?
On Jan 11, 2008 8:01 PM, Gadi Evron <ge@xxxxxxxxxxxx> wrote: > Naturally, diversity is not *always* good, which is the second ammendment > to the thinking process. Yes, diversity is actually a good idea when everybody concerned is aware of what the others are doing, and at least coordinate to some extent if they are in the same space. You aren't going to achieve some monolithic conference that will become the go-to place for everything in this field, for sure. > It is not about an holier than thou attitude, it's about understanding > that the Internet is truly the only functioning anarchy, and that "doing" Perhaps I ought to explain. That remark was about at least some people / groups who routinely send takedown notices. Arrogance coupled with a sad lack of clue at one end (lots of tier 1 techs, often outsourced to some place with far more customer support clue than actual abuse desk clue, employed to send alerts, without the least idea of how to send these) One particular vendor that saw a nigerian create a free email account dhl@[one of our domains], and went after our registrar trying to get the domain itself canceled. Some fun ensued when I emailed all that to the VP of their parent company (for whom takedown services appears to be a sideline, at best). That lot has behaved themselves for a while I must say Another vendor who, after being given clear escalation paths, first kept cc'ing our upstream abuse desk, and every role account OTHER than abuse at our domain. When they finally get enough clue hammered into them to cc our abuse desk, they escalate to my work address within two hours of that, demanding it be taken down. Our abuse desk would handle tix within a business day, or even earlier. And email about phish takes priority right after (say) LE requests that find their way there (instead of the special POC we already have given most LE agencies). So, escalating a manual complaint after two hours is a bit thick, I'd say. Anyway, that particular vendor got told to take a hike, told that we wouldnt accept any further reports from them (and that our automated scripts kill about 20 for every one that they report anyway), and that we'd contact the one client they seem to send these alerts for directly and set up something more automated, where they could send us a list (in a standard format, and verified at their end) and we'd take it down automatically. Of course with manual review later. Neither of those two takedown services (especially not the one in #2) is going to get anything like this offered to them. Not until they actually learn to play nice with other ISPs. Which comes right back to Sean's remark that I replied to. Sorry for the long emails, but I do wish more takedown services (and more abuse / security desks) would read the MAAWG abuse desk best practice document .. http://www.maawg.org/about/publishedDocuments/Abuse_Desk_Common_Practices.pdf --srs -- Suresh Ramasubramanian (ops.lists@xxxxxxxxx)