> One problem with notifications typically (that I've seen) is that there is > no one to notify...
We tried notifications to the netblock owner for every incident that exceeded a reasonable threshold. [1] It takes a lot of time to find netblock owners. Even after investing self to try to make the net a better place, the satisfactory response rate is very small. > there may be an email address, but most likely that's not even > watched/read/responded-to/reacted-upon. ditto. > recieve less than 1 in 3K responses :( We may not have time to answer each of the mechanized notifications, but we process and respond to each incident. If only every ISP did at least that. > To start fixing this problem every ISP really needs some security folks > dedicated to customer security issues... I am the point of contact for the net in the sig below. We take all network abuse notifications seriously, and follow up with our customers. I am not hard to find. whois -h whois.arin.net bb122-arin > Hopefully, once there are security folks at all ISP's the ISP's will be > able to speak intelligently and civily to each other to cooperate and > contain problems. Amen. At your service, -bryan bradsby Texas State Government Net me: 512-936-2248 NOC: 512-475-2432 877-472-4848 -- If all the world's a stage, I want to operate the trap door. -- Paul Beatty [1] (see: "Firewall Seen" by Robert Graham) http://www.robertgraham.com/pubs/firewall-seen.html