'Re: What to do if they ignore you'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       incidents
Subject:    Re: What to do if they ignore you
From:       "David A.Ulevitch" <davidu () everydns ! net>
Date:       2005-04-17 1:10:28
Message-ID: 4e157e47643a11933fadbf63ea0a2a8e () everydns ! net
[Download RAW message or body]


On Apr 15, 2005, at 9:51 PM, Rory wrote:
> There are a few things that would make dealing with these sorts of 
> things easier,
> 1. Sending IDS Logs in UTC would be easier, converting GMT -07:00 to 
> GMT +10:00 requires
>    a whole lot more thinking that I'd like to put into a single 
> investigation =P~
> 2. Sending IDS Reports in a nicely formated way like D-Shield does, so 
> you know where the data
>    you actually want is.
> 3. Not putting so much crap about legalitys at the top of the email, 
> scrolling is hard work, I get
>    scroll wheel cramps sometimes.
> 4. Don't be rude and spout nonsense in your emails, like "STOP YOURS 
> COMPUTORS HAX0RING ME"
>    as fun as is sending back canned replys, you get a bit sick of it.
> 5. Threatening to blacklist my IP's is really not going to get you any 
> more attention than anyone else.
> 6. Don't expect a reply unless its a really major issue.
> 7. Don't send me complaints for other bloody companies IP space 
> godamnit!

Rory,

A great list of things to do when contacting an abuse desk.  Thanks.

For the original poster -- When doing the above fails, contact the 
abuse desk of their upstream provider.  If you have a good relationship 
with YOUR upstream provider, you can even try pinging them as they may 
have some direct contacts in the abuse desk of the source network.

Every major network these days has at least some clue behind the abuse 
desk.  Certainly they are overwhelmed and overworked but they do exist 
and by going through the right channels and saying the right things 
(and more importantly, not the wrong things) your issue will likely be 
resolved.

Thanks,
David Ulevitch


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic