On Apr 15, 2005, at 9:51 PM, Rory wrote:
There are a few things that would make dealing with these sorts of
things easier,
1. Sending IDS Logs in UTC would be easier, converting GMT -07:00 to
GMT +10:00 requires
a whole lot more thinking that I'd like to put into a single
investigation =P~
2. Sending IDS Reports in a nicely formated way like D-Shield does, so
you know where the data
you actually want is.
3. Not putting so much crap about legalitys at the top of the email,
scrolling is hard work, I get
scroll wheel cramps sometimes.
4. Don't be rude and spout nonsense in your emails, like "STOP YOURS
COMPUTORS HAX0RING ME"
as fun as is sending back canned replys, you get a bit sick of it.
5. Threatening to blacklist my IP's is really not going to get you any
more attention than anyone else.
6. Don't expect a reply unless its a really major issue.
7. Don't send me complaints for other bloody companies IP space
godamnit!
Rory,
A great list of things to do when contacting an abuse desk. Thanks.
For the original poster -- When doing the above fails, contact the
abuse desk of their upstream provider. If you have a good relationship
with YOUR upstream provider, you can even try pinging them as they may
have some direct contacts in the abuse desk of the source network.
Every major network these days has at least some clue behind the abuse
desk. Certainly they are overwhelmed and overworked but they do exist
and by going through the right channels and saying the right things
(and more importantly, not the wrong things) your issue will likely be
resolved.
Thanks,
David Ulevitch
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
