Home page logo

nanog logo nanog mailing list archives

Re: Yahoo, Google, Microsoft contact?
From: Richard Cox <Richard () mandarin com>
Date: Fri, 03 Feb 2006 19:23:24 GMT

On Fri, 03 Feb 2006 12:42:04 -0500
Martin Hannigan <hannigan () renesys com> wrote:

I'd like to see evidence that there is a problem. For example, don't
see why these worm lists couldn't have just gone to the abuse address.

Of course that's the right answer.  IN THEORY.  The practice is rather
different, and that's WHY the need for some direct contact exists.

I followed through with two large UK ISPs, who had both had the list of
worm IPs sent to their official abuse address.  In neither case had the
mail been read or passed on.  A copy to their security specialists was
appreciated, and resulted in much hurried activity.  No, I'm not going
to identify who they were; there probably would have been many more ISPs
in that position if I'd looked further.

the customer is shifting the cost of support off of their own provider
and on to the rest of us which is inherently not fair.

s/customer/provider/ - if the provider wasn't doing that, the customer
quite likely WOULD have gone directly to them.

I think it's ok to post these things to NANOG as long as there's more
information than just who they are looking for. If it's too private
to tell all of us, then don't use our list as a directory service.

True.  Nevertheless there is a need for some directory system, so that
appropriate people can contact key security etc people in other network
entities, without giving NANOG a full-disclosure on the situation ...

Richard Cox

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]