Re: [nznog] Abuse desk responses - using RT

We use RT, both for our helpdesk and for production. I looked at a lot of packages (commercial and otherwise) and it ended up with RT suiting our needs. Also, being open source allowed us to patch it to integrate with our other systems in various ways. Of the commercial packages I was also impressed with AnswerTrack. It does what you need straight out of the box in a clean and well-presented way. Originally by HumanKind Systems, recently bought - all with the development team - by GSI: http://www.answertrack.com/ We trialed AnswerTrack, but in the end went with RT because of the ability to customise, but also because RT was more email-oriented, and I really wanted a system where the parties could interact purely via email if they chose to (without using the web interface). Aaron. ----- Original Message ----- From: "Barry Murphy" To: "Russell Fulton" Cc: Sent: Monday, July 07, 2003 5:22 PM Subject: Re: [nznog] Abuse desk responses

Hi,

I don't know how many providers use the service called RT ( Request Tracker - http://www.bestpractical.com/ ), but I have found this very useful. It keeps all emails in a ticketing system using a database such as mysql or others and ACL can be setup for support groups and queues. When a ticket is closed, the requestor (client) is notified of the ticket closure, any additional responses from the client will re-open the ticket and the info will be appended to the ticket. If clients were to open a new ticket but it was in reference to the old ticket, they can be linked to the main ticket.

To name 2 big companys ( http://www.bestpractical.com/rt/praise.html ) that use it: NASA DynDNS

I would be interested to know how many people are using this system and what they think of it.

Kindest Regards Barry Murphy

----- Original Message ----- From: "Russell Fulton" To: "Steve Phillips" Cc: Sent: Monday, July 07, 2003 7:04 AM Subject: Re: [nznog] Abuse desk responses

...

On Fri, 2003-07-04 at 15:37, Steve Phillips wrote:

...

Has anyone else here had problems with NZ ISP abuse complaint responses ? mainly in response to SPAM reports where they refuse to do anything until they get blacklisted but also covering network abuse (DOS type scenario's and the like) ?

It appears that abuse complains are more and more regularly falling on deaf ears where the person/team handling the abuse desk seems more concerned with pointing out how it is not their problem than actually trying to educate their end users as to correct practices.

I have reported a great deal of network abuse in the past (unfortunately I'm now so busy dealing with the consequences of the abuse I don't have time to follow up any but the worst examples :-( ).

My experience is that NZ ISPs are far and away better at responding than the global norm. One point I will make is that an automated response acknowledging receipt is useful (if only as evidence that you really did report the problem) but gives no indication of whether or not the report was then simply dropped in the bit bucket. I assume that all ISPs us some form or call tracking software and it would be great if they would set them up so that when the call is closed an email is sent back to the originator with a brief status message. (eg, resolved, could not match time and IP, ....).

Earlier this year I did a binge on machines in NZ that were infected by worms that spread via open shares. Since many of these are on dial up addresses it is impossible to tell if particular machines have been fixed, even so one could tell from the total numbers of reports that I was sending to each ISP which were doing something about them and which were not. One thing that was interesting is that one major ISP who always acknowledges receipt of complaints seemed to do little about them while another big player who do do give automated acknowledgements seemed to act on them. In this context I must commend Xtra (as much as it pains me to say anything positive about anything to do with Telecom ;-) who alway responded and actively encouraged me to continue sending reports.

Another specific example is Sapphire (aka slammer -- MSSQL worm) which most NZ ISPs blocked (and continue to block ?), the exception was ihug and I was still seeing infected machines scanning us until very recently from ihug address space. I reported these on numerous occasions but it did not appear to have any impact on the number of infected machines that I was seeing.

Cheers, Russell.

-- Russell Fulton, Network Security Officer, The University of Auckland, New Zealand.

_______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog