On 11/09/2014 09:31 AM, Brian Rak wrote: > Some tips: > 1) Verify the servers are still vulnerable. This is pretty straightforward, > and saves everyone > involved some time For a DDOS, I'd be concerned that the provider would now think my activity was malicious.
> 2) Your abuse emails should include tcpdump-like output (or you'll get tons > of replies asking for logs) Is the output from nfdump close enough? > 3) Sticking to one abusive IP per email seems to get the best response rate > (or you confuse all the > automated systems for parsing these) The smallest email abuse report I sent last week contained over 15,000 IPs. Is it really better to send that many emails?
