Stupid Question: Network Abuse RFC?

Hash: SHA1

MAAWG is useful for particular subjects, not as useful for other subjects.
I expect the same will be true for any forum.

What is the appropriate mechanism within NANOG?

I mean, given previous topics covered in the NANOG security BoFs,
it would appear that a lot of attention has been given to statistical
analysis of DDoS flows traffic, securing infrastructure, etc. -- all
of which are honorable & desired goals.

But what about involvement of incident reporting (and responding?),
that is inclusive of the Internet community at-large?

NSP-Sec is clearly a "closed" community which excludes many of the
organizations who could actually help contribute intelligence, work
with law enforcement, and make a positive difference.

My opinion is that the ISP community, by and large, tend to say that
they are dealing with the situation, and are willing to address
these issue, yet in reality they tend to minimize the issues and
sweep it under the rug because it is not in their financial interests
to enagage them, or it doesn't jive with their "existing processes".

So I ask you, how do we address this situation?

Instead of being an apologist for the problem, how would _you_
suggest we address these process, procedural, and organizational

I consider this to be way beyond the boiling point, and an issue
that we all need to address -- and engage.


- - ferg

If you look in the archives, in the past I've listed the things
that seem to be needed for those organizations to succeed.

Over the years, I've worked with people to launch new groups, such as ISP-ISAC, INOC-DBA, NSP-SEC, GIAIS and a few more. Some more sucessful than others. Some won't admit me as a member anymore :slight_smile:

What are you trying to do?

Look at old security incident groups like CERT/CC, FIRST, NRIC and NSIE that have been around since the late 1980's/early 1990's.

Look at the middle-age groups like BORG, CIX, IOPS, ISPSEC, LINX, NANOG and RIPE. And a bunch of temporary Y2K groups.

Look at the new groups like APWG, DA/MWP/etc, DDOS-WG, GIAIS/MVI/VIA/SCP/MSSA,

I left out the academic or government only groups, there are soo many.

If you want to share information, there are lots of ways to do it.
Information does tend to move between the groups, unless you explicitly
say don't share the information. The government folks are convinced
that industry leaks, while the industry folks are convinced that government leaks.

If you want to get people in a room so you can yell at them about the
lousy job they are doing, that's less useful.

Of course, in a few weeks, someone else will probably be yelling about
ISPs interfering with their right to do something or other.