Re: Automatic abuse reports

2013-11-13 Thread goemon
On Wed, 13 Nov 2013, Sam Moats wrote: The only thing I can think of is that they are making the decisions about how important their abuse desk is based solely on the cost of running that desk. They are seeing it as a cost center and not thinking about its long term benefit to the entire network

Re: Automatic abuse reports

2013-11-13 Thread Sam Moats
Don't have access to a normal PC right now but I agreed with this approach so much that I'm typing a response on a 10 button pad. Sam On 2013-11-13 21:33, Jimmy Hess wrote: On Wed, Nov 13, 2013 at 3:46 AM, Sam Moats wrote: about its long term benefit to the entire network. I can't think o

Re: Automatic abuse reports

2013-11-13 Thread Jimmy Hess
On Wed, Nov 13, 2013 at 3:46 AM, Sam Moats wrote: > about its long term benefit to the entire network. I can't think of a way > to remove the incentive for this > short term thinking. > The end users can, by inquiring about the abuse desk, before agreeing to sign up for service. In this man

Re: Automatic abuse reports

2013-11-13 Thread Curtis, Bruce
On Nov 12, 2013, at 3:58 PM, Jonas Björklund wrote: > Hello, > > We often get abuse reports on hosts that have been involved in DDOS attacks. > We contact the owner of the host to help them fix the problem. > > I also would like to start sending these abuse reports to the ISP of the source. > > Are t

Re: Automatic abuse reports

2013-11-13 Thread Sam Moats
There are good guys out there :-), and some are gorilla sized, that's why I obfuscated the names in my response. No offense intended to the good ones. Sam Moats On 2013-11-13 05:48, Paul Bennett wrote: I can't speak directly for them, as I'm not an official company spokesperson, but this conver

Re: Automatic abuse reports

2013-11-13 Thread Paul Bennett
I can't speak directly for them, as I'm not an official company spokesperson, but this conversation has got my dander up enough that I can't keep my big mouth shut. I know of at least one 500 pound gorilla (with zillions of retail customers, and their share of 500 pound gorillas as customers (and

Re: Automatic abuse reports

2013-11-13 Thread Sam Moats
I expect this from the doofus in $pain_in_the_butt_county but I am surprised when I see this behavior from large companies and I really don't understand it. Having a working abuse/response system is beneficial to us all including the gorillas. There is a cost to us if we're spending expensive en

Re: Automatic abuse reports

2013-11-12 Thread Hal Murray
William Herrin said: > That's the main problem: you can generate the report but if it's about > some doofus in Dubai what are the odds of it doing any good? It's much worse than that. Several 500 pound gorillas expect you to jump through various hoops to report abuse. Have you tried reporting

Re: Automatic abuse reports

2013-11-12 Thread joel jaeggli
On Nov 12, 2013, at 9:16 PM, Brandon Galbraith wrote: > On Tue, Nov 12, 2013 at 10:03 PM, William Herrin wrote: >>> Now it would be trivial to set up syslog and sshd to give only the sessions >>> that complete the handshake, however I'm also not sure how responsive some >>> of the abuse contact

Re: Automatic abuse reports

2013-11-12 Thread Brandon Galbraith
On Tue, Nov 12, 2013 at 10:03 PM, William Herrin wrote: >> Now it would be trivial to set up syslog and sshd to give only the sessions >> that complete the handshake, however I'm also not sure how responsive some >> of the abuse contacts may be. I'll keep my restrictive network settings for >> the

Re: Automatic abuse reports

2013-11-12 Thread William Herrin
On Tue, Nov 12, 2013 at 9:07 PM, Sam Moats wrote: > That said the original poster was > focused on a DOS event, to do that you really don't need the full handshake. Point. Though not all DDOSes are created equal. The simple packet flood is, as likely as not, from forged addresses. But I've also se

Re: Automatic abuse reports

2013-11-12 Thread Sam Moats
You're right, they wouldn't get all of the way through. The three way handshake is great against blind spoofing attacks. That said the original poster was focused on a DOS event, to do that you really don't need the full handshake. I'm not sure if the end goal of whomever we were dealing with was

Re: Automatic abuse reports

2013-11-12 Thread William Herrin
On Tue, Nov 12, 2013 at 4:52 PM, Sam Moats wrote: > We used to use a small perl script called tattle that would parse out the > /var/log/secure on our *nix boxes, isolate the inbound ssh exploits, look up > the proper abuse contacts and report them. I haven't seen anything similar > in years but it

Re: Automatic abuse reports

2013-11-12 Thread Randy Bush
> I also would like to start sending these abuse reports to the ISP of the > source. good idea. we all need more entries in our .procmailrcs randy

Re: Automatic abuse reports

2013-11-12 Thread Daniël W. Crompton
On 12 November 2013 22:52, Sam Moats wrote: > We used to use a small perl script called tattle that would parse out the > /var/log/secure on our *nix boxes, isolate the inbound ssh exploits, look up > the proper abuse contacts and report them. I haven't seen anything similar > in years but it woul

Re: Automatic abuse reports

2013-11-12 Thread Jeroen Massar
On 2013-11-12 16:58, Jonas Björklund wrote: > Hello, > > We often get abuse reports on hosts that have been involved in DDOS attacks. > We contact the owner of the host to help them fix the problem. > > I also would like to start sending these abuse reports to the ISP of the > source. > > Are there any

Re: Automatic abuse reports

2013-11-12 Thread Sam Moats
We used to use a small perl script called tattle that would parse out the /var/log/secure on our *nix boxes, isolate the inbound ssh exploits, look up the proper abuse contacts and report them. I haven't seen anything similar in years but it would be interesting to do more than null route IPs.