Agreed.
Take www.dshield.org for instance. They aggregate logs from various sources and
send complaints to the upstream provider. This is something that would work for
you, Jason.
Working for an AUP department at an ISP, we gladly accept automated complaints.
Sending the complaint downstream f
Not wanting to be ripped to shreds here, I think it's still worthwhile
to alert people to, say, Slammer-infected hosts on their networks.
Sure, the good folks are already monitoring their networks for hosts
sourcing things like that, and they're also the ones that will know how
to deal with au
I have, according to my IDS, around 400pps arriving at my home network that
don't belong there. If I paid attention to all of it I'd be busy, if I
generated abuse reports and fired them off it would generate a lot of
noise... random portscans, dos backsplash and worm traffic don't really
rise
On Mon, Dec 29, 2003 at 08:24:16AM -0800, Joel Jaeggli wrote:
>
> if you automate abuse reporting you can basically assume that the receiver
> will automate abuse handling. since that has in fact happened as far as i
> can tell the probability of your automated abuse replies ever reaching a
> hum
On Monday, December 29, 2003 11:24 AM [GMT-5=EST], Joel Jaeggli
<[EMAIL PROTECTED]> wrote:
> if you automate abuse reporting you can basically assume that the receiver
> will automate abuse handling. since that has in fact happened as far as i
> can tell the probability of your automated abuse replai
When we get something that looks automated, we send back a reply saying
"We received this, if you'd like us to take action, please have a human
reply."
I've been thinking of instead having them send us a cryptographic hash of
their message, saying that we MUST have all such notifications validate
if you automate abuse reporting you can basically assume that the receiver
will automate abuse handling. since that has in fact happened as far as i
can tell the probability of your automated abuse replies ever reaching a
human who cares or can do something about it is effectively zero.
joelja
O
Jason Lixfeld wrote:
>
> ...Has there been development of some
> sort of intelligent unix land app that can understand Cisco syslog
> output, find the abuse departments of the sourcing networks and send
> them off a nice little FYI?
With rare exceptions, I'd say don't bother, even if you do come
try LogDog to act on the syslog data...it sends all syslog log files through a
pipe and scans for specific data...then you can email the complete message to
anyone. It can have a negative performance impact depending on the number of
sustained syslog logs being generated but I used it on a s
We're a small company but nonetheless are inundated with firewall
logs reporting numerous attempts to find holes in our network; c'est la
vie. Seeing as how we are small, we don't have the resources to go
through and send emails off to the abuse departments of each network
sourcing the probe