On Thu 25/Feb/2021 14:41:00 +0100 Cynthia Revström wrote:
I think you have misunderstood my point.
Would they send such report using their customer's own web form?
No? I don't know what implied that?
If you predicate sending reports via web form, then report forwarding
from the ISP to its customer should also be done via web form. That
is, the ISP should jump all the required hoops until it finds out
where and how to fill the appropriate form. However, doing so defeats
the advantage of having the customer automatically identified.
Yes, doing so requires some work too, but heck aren't we paying for that
already?
The person sending the abuse report is rarely a paying customer.
The right thing to do would be to arrange for the abuse mailbox address
to point (in)directly to the actual user of the IP address.
I am assuming you are referring to having a separate abuse contact for each
customer, so like abuse.cust123@domain and registering it in the RIPE
Registry/DB?
Yes, exactly. That's the extra work required from the ISP. It is
paid by cust123. Presumably, abuse.cust123@domain forwards to the
abuse address chosen by the customer on signing the contract. Keeping
a copy allows the ISP to monitor how many complaints its customers
receive.
In some cases with large customers maybe but if you are a hosting provider
where each customer might only have one or two IPv4 addresses, that can get
to an insane amount of handles and make the database really messy.
You can keep a record for each IPv4 address with only a few Terabytes.
I don't think the reason why ISPs tend to neither assign rfc2317
reverse delegations nor customer specific abuse-mailbox is because
they or the RIPE cannot afford enough disk space to store that data.
Every now and then I ask my ISP to assign me an abuse-mailbox (which
my previous ISP did, but then they were acquired by a bigger shark
while the RIPE changed format to abuse-c.) At times I also try and
send fake complaints about my IP, to see if they would forward them to
me. All of those messages fall into a black black hole where time is
frozen expectations fade. Lazy.
Also the customer in question is not the only info that is relevant, like
is it DoS, spam, or port scanning, etc?
But in general I think there are pros and cons to web forms and email
templates just as there are pros and cons to arbitrarily structured emails.
For a third alternative, I recently added abuseipdb.com to my
end-of-day abuse reporting script. They provide an http API that
allows to specify the most basic info, IP, time, and kind of abuse.
That method has some of the advantages of forms, as it allows
semantically bound fields, and some advantages of email messages, as
it can be automated.
Best
Ale
--
