A standard would be nice. In some of the auto-responders, I get requirements
that conflict or are unreasonable.
* We don't accept abuse complaints via e-mail, please submit via this site:
Yeah, okay. That's not scaleable.
* Network A wants time in GMT, while network B wants time in their local
timezone. How do I know that ahead of time? Adjusting for that isn't scaleable
Some are asking for my IP address. Okay, I get that if you have CGNAT running,
you need to know that to check your logs. Now I gotta figure out how to get my
IP address into the log. Many of the devices watched have more than one IP
address.
Having a standard would make generation of reports and processing of said
reports a lot easier to automate.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
From: sro...@ronan-online.com
To: "NANOG" <nanog@nanog.org>
Sent: Wednesday, April 29, 2020 10:25:19 AM
Subject: Re: Abuse Desks
Perhaps some organization of Network Operators should come up with an objective
standard of what constitutes “abuse” and a standard format for reporting it.
If only there was such an organization.
Sent from my iPhone
> On Apr 29, 2020, at 11:14 AM, Chris Adams <c...@cmadams.net> wrote:
>
> Once upon a time, Mukund Sivaraman <m...@mukund.org> said:
>> If an abuse report is incorrect, then it is fair to complain.
>
> The thing is: are 3 failed SSH logins from an IP legitimately "abuse"?
>
> I've typoed IP/FQDN before and gotten an SSH response, and taken several
> tries before I realized my error. Did I actually "abuse" someone's
> server? I didn't get in, and it's hard to say that the server resources
> I used with a few failed tries were anything more than negligible.
>
> I've had users tripped up by fail2ban because they were trying to access
> a server they don't use often and took several tries to get the password
> right or had the wrong SSH key. Should that have triggered an abuse
> email?
>
> --
> Chris Adams <c...@cmadams.net>
