adviCe on network security report

Mailman List Mirror (Read Only)
1

[In the message entitled "Re: adviCe on network security report" on Nov 2, 8:54, "J. Oquendo" writes:]

Out of curiousity (and I doubt many will respond publicly to this) how many
people have had success versus failure when dealing with abuse issues. I'm
thinking for every answered message sent to abuse (non autoresponder), one
will likely see more than 7-10 failures. Failures include an autoresponse,
nothing ever done, no response ever returned, a response returned a quarter of
a century later...

I did a study on this a few years ago. I sent out about 20,000 abuse reports,
all by hand, to various network around the world. They all came from this
email address, and were clearly identified as non-robotic, personal messages.
There were "many" bounces.

Less that 5% received any response.

Less than 1% received any action within 30 days.

With apologies to Sean, I know that ISP abuse desks are overworked, and
under-empowered. *MANY* of the abuse desks today use spam content filters (!)
on their abuse desks, which certainly cut down on the number of spam reports
they get! However, this is an unacceptable way to run, in my personal
opinion.

Part of the problem is scale. The industry has not given ISPs the tools to
deal with masses of end user computers. The vast majority of the problems
today are compromised end-user computers. Many ISPs are unaware, even
at the abuse desk level, of the number of compromised computers on
their networks. Some ISPs, the exception rather than the norm, do
take an active role in monitoring their networks, and alerting customers
to unusual behavior. Typically, this is done with custom applications,
usually written in-house.

And yes, the company I work for is working on solutions for this.

2

An excellent example of not listening to ISP abuse and security folks, and
what kind of results you get by not working with them.

I don't know why security complaint vendors haven't figured this out. The music industry complaint vendors were doing a much better of job of listening to ISPs security and abuse groups and trying to make things work as smoothly as possible for ISPs. Its not anywhere near 100%, but they
make the effort to get their reports working within as many different ISP's systems as they can. The financial industry is behind the music industry, but is also trying to work with ISPs.

I know every ISP is different. Some won't respond to anything. Others will do everything possible to figure out your complaint. But listening to the ones in the middle, and figuring out how to work with them will probably help improve things above 1%.

Because they take so much abuse as part of their normal job, even the most motivated abuse people don't go out of their way to have more people shout "You Suck" at them. On the other hand, I suspect if they believe you can make their jobs easier and not shout at them, they can be
very gregarious about what they need.