Home page logo

nanog logo nanog mailing list archives

Re: Yahoo, Google, Microsoft contact?
From: "Christopher L. Morrow" <christopher.morrow () verizonbusiness com>
Date: Fri, 03 Feb 2006 19:32:04 +0000 (GMT)

On Fri, 3 Feb 2006, Richard Cox wrote:

On Fri, 03 Feb 2006 12:42:04 -0500
Martin Hannigan <hannigan () renesys com> wrote:

I'd like to see evidence that there is a problem. For example, don't
see why these worm lists couldn't have just gone to the abuse address.

Of course that's the right answer.  IN THEORY.  The practice is rather
different, and that's WHY the need for some direct contact exists.

I followed through with two large UK ISPs, who had both had the list of
worm IPs sent to their official abuse address.  In neither case had the
mail been read or passed on.  A copy to their security specialists was
appreciated, and resulted in much hurried activity.  No, I'm not going
to identify who they were; there probably would have been many more ISPs
in that position if I'd looked further.

you are surprised that a URL in email with little useful explanation was
passed over by their ticketting system? Direct access works for small
cases, or important high value targets... Abusing that with a big list, or
massive oversubscription will just cause it to fail.

If you have a large scale problem, use the accepted large scale problem
bucket: abuse@  don't find some lonely person who spends their personal
time to help you on individual cases or high priority items to abuse with
this... 'use the right tool for the job'.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]