[Dshield] Fightback email addresses?

Deb Hale haled at pionet.net
Thu Jun 12 13:34:13 GMT 2003


I'm am in the process of updating the abuse information.  To answer your
question

> However, what I think would be a good idea would be if Dshield could 
> send
> to the ARIN abuse address (or whatever source Dshield currently uses) and 
> to a self-reported abuse address.  Of course, I imagine this would mean 
> significant changes in the interface, database and automation systems.

I do often reference arin and put in the arin abuse address, ex: if there is
no information, if there is an abuse address or if the whois entry shows a
hotmail or yahoo address - I will use the Admin-C address for the fightback
address.  


Deb 

Deborah F Hale
Certified Business Continuity Professional/Computer Security Specialist
BCP Enterprise, Inc
Telephone: (712) 252-0361
www.bcpenterprise.com
 


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Johannes Ullrich
Sent: Wednesday, June 11, 2003 8:20 PM
To: General DShield Discussion List
Subject: RE: [Dshield] Fightback email addresses?


On Wed, 2003-06-11 at 10:29, Tim Rushing wrote:
> I think it would be a bad idea for Dshield to only send to 
> self-reported
> abuse addresses.  It would be a good way for an attacker to hide evidence 
> of a targeted attack.

yes. thats why we start with the 'whois' entries. In many cases, the whois
contact will tell us to use a different address. We can send to two contacts
at the same time, but there are only a couple of ISPs that prefer this.



> 
> However, what I think would be a good idea would be if Dshield could 
> send
> to the ARIN abuse address (or whatever source Dshield currently uses) and 
> to a self-reported abuse address.  Of course, I imagine this would mean 
> significant changes in the interface, database and automation systems.
> 
> All I'm reporting to Dshield is a home system.  My ISP is small enough 
> that
> if they get a report regarding me, I will hear about it.  However, I would

> love to be able to ask Dshield to let me know if my IP suddenly starts 
> scanning.
> 
>      ---Tim Rushing

We do have this for ISPs, but not for individual users. For home users, the
best check is to visit the warning banner. I guess I can setup a quick
'check my ip' page.


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list






More information about the list mailing list