[Dshield] Fightback email addresses?
jullrich at euclidian.com
Thu Jun 12 01:20:27 GMT 2003
On Wed, 2003-06-11 at 10:29, Tim Rushing wrote:
> I think it would be a bad idea for Dshield to only send to self-reported
> abuse addresses. It would be a good way for an attacker to hide evidence
> of a targeted attack.
yes. thats why we start with the 'whois' entries. In many cases, the
whois contact will tell us to use a different address. We can send to
two contacts at the same time, but there are only a couple of ISPs
that prefer this.
> However, what I think would be a good idea would be if Dshield could send
> to the ARIN abuse address (or whatever source Dshield currently uses) and
> to a self-reported abuse address. Of course, I imagine this would mean
> significant changes in the interface, database and automation systems.
> All I'm reporting to Dshield is a home system. My ISP is small enough that
> if they get a report regarding me, I will hear about it. However, I would
> love to be able to ask Dshield to let me know if my IP suddenly starts
> ---Tim Rushing
We do have this for ISPs, but not for individual users. For home users,
the best check is to visit the warning banner. I guess
I can setup a quick 'check my ip' page.
More information about the list