[anti-abuse-wg] Sources of Abuse Contact Info For Abuse Handlers
Richard Clayton
richard at highwayman.com
Thu Nov 19 13:16:12 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <201511181701.30630.markus.debruen at bsi.bund.de>, de Brün, Markus <markus.debruen at bsi.bund.de> writes

>A few remarks:
>Sources like TI or FIRST are useful if you are looking for national CERT
>contacts. If you want to report an issue to network operators or hosting
>providers directly, you have to use Whois information.

nope ... you could use their websites

Many hosting providers have webforms, which if used result in rapid takedown. Indeed for many hosting companies this is pretty much the only way of achieving rapid takedown.

I understand that the purpose of the document is to explain the issues around "let's get hold of the abuse@ folk" but it would be considerably more valuable if it either indicated that this was just one strategy for dealing with abuse or at least pointed at other material that set out the context.

The document provides the example such as "Incident reporter finds a hacked webpage" and says "Naturally, she will try to contact the domain owner (name-based resource lookup) - the admin-c and possibly also the tech-c."

in practice people do indeed contact all three of these, and that can cause significant delay as each assumes someone else has dealt with it; and as above it may well be better to just type www.hostingcompany.tld and click on the "report abuse" link.

My suggestion for the document would be to entirely remove what material there is on why one might be searching for an abuse contact (since it is inadequate and unhelpful) and leave just the substantive information (these are the databases, this is what they contain, this is how they are maintained).

Bottom line for me is that the problem statement says

    Given the domain www.example.com, what is the best contact for
    sending IT security incident notifications to?

and nothing in the rest of the document tackles the notion of "best"

So I'd commend removing sections 4 and 5 altogether.

- -- 
Dr Richard Clayton <richard.clayton at cl.cam.ac.uk>
Director, Cambridge Cloud Cybercrime Centre
mobile: +44 (0)7887 794090
Computer Laboratory, University of Cambridge, CB3 0FD
tel: +44 (0)1223 763570

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBVk29jOINNVchEYfiEQLL9ACfQIhpmr8Doa2YUVAvf+kIT2pK8IAAoPFM
OEwLI5XKS2mU+CDpjABG0FWY
=fpnQ
-----END PGP SIGNATURE-----