[AusNOG] abuse@ systems ?
Tim March
march.tim at gmail.com
Tue Jul 23 17:43:02 EST 2013
Amazon handle at least some abuse requests in a semi-automated fashion.
For example, if you fire off something like `nmap --min-hostgroup 4096
--min-parallelism -T5 $SomeHugeNetwork` you'll get an abuse notification
pretty quickly. They also have something on the other side of that
process that lets network operators acknowledge notifications automatically.
I'm not aware of a COTS solution, but you could achieve something along
the lines of what you're describing by...
1. Building a form based submission system that hands you off the
information in a format that you're expecting to deal with. Use a mail
handler that auto-responds to out-of-bound submissions with a link to
the submission system / short FAQ etc.
2. Parsing this information to something like RT with some custom
handlers to sort the submissions to appropriate queues based on what
they contain, auto-respond with FAQ links etc. where appropriate, yadda
yadda.
If you look at high-volume services like the Cisco TAC submission
process they obviously do something along these lines. I'd be really
interested to hear if anyone knows of something specifically geared
towards security, though.
T.
On 23/07/13 5:18 PM, PRK wrote:
> Afternoon all,
>
> Has anyone looked at implementing an off the shelf or custom solution
> for handling abuse@ emails?
>
> In particular anyone who's regularly receiving a reasonable volume of
> abuse emails (hundreds - thousands per day) which could be due to
> customer base size, customer activities, or other factors such as your
> charming personalities :P
>
> We're looking for something which is better designed for abuse@ handling
> than a standard CRM (such as auto response to complainee, phishing /
> spam handling, prioritisation based on email content) along with the
> standard CRMish stuff (auto response to complainant, trend reporting,
> manual prioritisation, collating individual reports to a root cause, etc).
>
> Cheers,
>
> prk.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
More information about the AusNOG
mailing list