[AusNOG] abuse@ systems ?

Tim March march.tim at gmail.com
Tue Jul 23 17:43:02 EST 2013


Amazon handle at least some abuse requests in a semi-automated fashion. 
For example, if you fire off something like `nmap --min-hostgroup 4096 
--min-parallelism -T5 $SomeHugeNetwork` you'll get an abuse notification 
pretty quickly. They also have something on the other side of that 
process that lets network operators acknowledge notifications automatically.

I'm not aware of a COTS solution, but you could achieve something along 
the lines of what you're describing by...

	1. Building a form based submission system that hands you off the 
information in a format that you're expecting to deal with. Use a mail 
handler that auto-responds to out-of-bound submissions with a link to 
the submission system / short FAQ etc.

	2. Parsing this information to something like RT with some custom 
handlers to sort the submissions to appropriate queues based on what 
they contain, auto-respond with FAQ links etc. where appropriate, yadda 
yadda.

If you look at high-volume services like the Cisco TAC submission 
process they obviously do something along these lines. I'd be really 
interested to hear if anyone knows of something specifically geared 
towards security, though.



T.

On 23/07/13 5:18 PM, PRK wrote:
> Afternoon all,
>
> Has anyone looked at implementing an off the shelf or custom solution
> for handling abuse@ emails?
>
> In particular anyone who's regularly receiving a reasonable volume of
> abuse emails (hundreds - thousands per day) which could be due to
> customer base size, customer activities, or other factors such as your
> charming personalities :P
>
> We're looking for something which is better designed for abuse@ handling
> than a standard CRM (such as auto response to complainee, phishing /
> spam handling, prioritisation based on email content) along with the
> standard CRMish stuff (auto response to complainant, trend reporting,
> manual prioritisation, collating individual reports to a root cause, etc).
>
> Cheers,
>
> prk.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>



More information about the AusNOG mailing list