
nanog mailing list archives

Re: Bizarre (.bz) abuse report - are we alone?
From: Jimmy Hess <mysidia () gmail com>
Date: Sun, 26 Aug 2012 22:27:41 -0500

Sending an automated message over e-mail without a working reply
address in the From: field and SMTP sender address is a type of
spam, and you might choose to report as such. That is, the
"report" itself is abuse, because no mechanism is provided to reply
to a person who sent the message. Domain/IP contacts are
contacts to be reached by humans, not "dumping addresses" for
automatic message robots that cannot handle replies and coordinate to
resolve issues.

If the message had a valid return path, then it may make sense to
reply with a message that states you require the destination IP
address that was supposedly attacked, before your investigation
starts.

If they have bona fide abuse to report, then they should be
cooperative in providing sufficient details to efficiently locate
records of that abuse.

It would be understandable if any efforts to locate alleged abuse
based on such limited information were limited, or deferred, until
the reporter could provide sufficient details to properly identify
the abuse in the future via monitoring, or by extracting logs for
traffic to the reported destination addresses.

Those are my thoughts on the matter.

Regards,
--
-JH

On 8/26/12, Jay Hennigan <jay () west net> wrote:
OK, we're pretty vigilant about policing abusers on our network.  This
just showed up from "no-reply () abuse bz".  Please see my responses
inline.  Mail origin IP is from an ISP in the Netherlands.  Some
information redacted to protect the guilty.

