Hi,
I don't know how many providers use the service called RT ( Request
Tracker - http://www.bestpractical.com/ ), but I have found this very
useful. It keeps all emails in a ticketing system using a database such as
mysql or others and ACL can be setup for support groups and queues. When a
ticket is closed, the requestor (client) is notified of the ticket closure,
any additional responses from the client will re-open the ticket and the
info will be appended to the ticket. If clients were to open a new ticket
but it was in reference to the old ticket, they can be linked to the main
ticket.
To name 2 big companys ( http://www.bestpractical.com/rt/praise.html ) that
use it:
NASA
DynDNS
I would be interested to know how many people are using this system and what
they think of it.
Kindest Regards
Barry Murphy
----- Original Message -----
From: "Russell Fulton"
On Fri, 2003-07-04 at 15:37, Steve Phillips wrote:
Has anyone else here had problems with NZ ISP abuse complaint responses ? mainly in response to SPAM reports where they refuse to do anything until they get blacklisted but also covering network abuse (DOS type scenario's and the like) ?
It appears that abuse complains are more and more regularly falling on deaf ears where the person/team handling the abuse desk seems more concerned with pointing out how it is not their problem than actually trying to educate their end users as to correct practices.
I have reported a great deal of network abuse in the past (unfortunately I'm now so busy dealing with the consequences of the abuse I don't have time to follow up any but the worst examples :-( ).
My experience is that NZ ISPs are far and away better at responding than the global norm. One point I will make is that an automated response acknowledging receipt is useful (if only as evidence that you really did report the problem) but gives no indication of whether or not the report was then simply dropped in the bit bucket. I assume that all ISPs us some form or call tracking software and it would be great if they would set them up so that when the call is closed an email is sent back to the originator with a brief status message. (eg, resolved, could not match time and IP, ....).
Earlier this year I did a binge on machines in NZ that were infected by worms that spread via open shares. Since many of these are on dial up addresses it is impossible to tell if particular machines have been fixed, even so one could tell from the total numbers of reports that I was sending to each ISP which were doing something about them and which were not. One thing that was interesting is that one major ISP who always acknowledges receipt of complaints seemed to do little about them while another big player who do do give automated acknowledgements seemed to act on them. In this context I must commend Xtra (as much as it pains me to say anything positive about anything to do with Telecom ;-) who alway responded and actively encouraged me to continue sending reports.
Another specific example is Sapphire (aka slammer -- MSSQL worm) which most NZ ISPs blocked (and continue to block ?), the exception was ihug and I was still seeing infected machines scanning us until very recently from ihug address space. I reported these on numerous occasions but it did not appear to have any impact on the number of infected machines that I was seeing.
Cheers, Russell.
-- Russell Fulton, Network Security Officer, The University of Auckland, New Zealand.
_______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog