On Fri, 2003-07-04 at 15:37, Steve Phillips wrote:
Has anyone else here had problems with NZ ISP abuse complaint responses ? mainly in response to SPAM reports where they refuse to do anything until they get blacklisted but also covering network abuse (DOS type scenario's and the like) ?
It appears that abuse complains are more and more regularly falling on deaf ears where the person/team handling the abuse desk seems more concerned with pointing out how it is not their problem than actually trying to educate their end users as to correct practices.
I have reported a great deal of network abuse in the past (unfortunately I'm now so busy dealing with the consequences of the abuse I don't have time to follow up any but the worst examples :-( ). My experience is that NZ ISPs are far and away better at responding than the global norm. One point I will make is that an automated response acknowledging receipt is useful (if only as evidence that you really did report the problem) but gives no indication of whether or not the report was then simply dropped in the bit bucket. I assume that all ISPs us some form or call tracking software and it would be great if they would set them up so that when the call is closed an email is sent back to the originator with a brief status message. (eg, resolved, could not match time and IP, ....). Earlier this year I did a binge on machines in NZ that were infected by worms that spread via open shares. Since many of these are on dial up addresses it is impossible to tell if particular machines have been fixed, even so one could tell from the total numbers of reports that I was sending to each ISP which were doing something about them and which were not. One thing that was interesting is that one major ISP who always acknowledges receipt of complaints seemed to do little about them while another big player who do do give automated acknowledgements seemed to act on them. In this context I must commend Xtra (as much as it pains me to say anything positive about anything to do with Telecom ;-) who alway responded and actively encouraged me to continue sending reports. Another specific example is Sapphire (aka slammer -- MSSQL worm) which most NZ ISPs blocked (and continue to block ?), the exception was ihug and I was still seeing infected machines scanning us until very recently from ihug address space. I reported these on numerous occasions but it did not appear to have any impact on the number of infected machines that I was seeing. Cheers, Russell. -- Russell Fulton, Network Security Officer, The University of Auckland, New Zealand.