Re: PlayStationNetwork blocking of CGNAT public addresses [ In reply to ]
On Thu, 22 Sep 2016 14:31:12 +0200, Alexander Maassen said:
> Maybe it's time then for a globally accepted, unified way to send/report abuse?

You mean like these RFCs? (OK, so it's an XML schema. Just be glad
it isn't ASN.1 :)

5070 The Incident Object Description Exchange Format. R. Danyliw, J.
Meijer, Y. Demchenko. December 2007. (Format: TXT=171529 bytes)
(Updated by RFC6685) (Status: PROPOSED STANDARD) (DOI:
10.17487/RFC5070)

6684 Guidelines and Template for Defining Extensions to the Incident
Object Description Exchange Format (IODEF). B. Trammell. July 2012.
(Format: TXT=23550 bytes) (Status: INFORMATIONAL) (DOI:
10.17487/RFC6684)

6685 Expert Review for Incident Object Description Exchange Format
(IODEF) Extensions in IANA XML Registry. B. Trammell. July 2012.
(Format: TXT=4363 bytes) (Updates RFC5070) (Status: PROPOSED
STANDARD) (DOI: 10.17487/RFC6685)

7203 An Incident Object Description Exchange Format (IODEF) Extension for
Structured Cybersecurity Information. T. Takahashi, K. Landfield, Y.
Kadobayashi. April 2014. (Format: TXT=57694 bytes) (Status: PROPOSED
STANDARD) (DOI: 10.17487/RFC7203)

7495 Enumeration Reference Format for the Incident Object Description
Exchange Format (IODEF). A. Montville, D. Black. March 2015.
(Format: TXT=19891 bytes) (Status: PROPOSED STANDARD) (DOI:
10.17487/RFC7495)
Re: PlayStationNetwork blocking of CGNAT public addresses [ In reply to ]
Well yes – if you have the automation, that is great.

Of course the format of whatever log they send you matters too.

I’ve had abuse complaints in a past life where the abuse report was a screenshot from a checkpoint firewall with “Dear team, for your attention” in bright red in a large font.

Personally I don’t trash abuse reports that are valid.

--srs

From: Tom Beecher <beecher@beecher.cc>
Date: Thursday, 22 September 2016 at 7:35 PM
To: Brian Rak <brak@gameservers.com>
Cc: Suresh Ramasubramanian <ops.lists@gmail.com>, "nanog@nanog.org" <nanog@nanog.org>
Subject: Re: PlayStationNetwork blocking of CGNAT public addresses

The format of the abuse complaint doesn't mean anything if it still doesn't contain any relevant data to say what the abuse IS. (Or, even if it IS abuse at all.)

On Thu, Sep 22, 2016 at 9:37 AM, Brian Rak <brak@gameservers.com> wrote:

Single IP per email: automated, zero time at all.

Multiple IPs per email: manual process, minutes per IP.


On 9/22/2016 9:34 AM, Suresh Ramasubramanian wrote:

Considering that there are likely to be many such emails - just how much time is it going to take your abuse desk staffer to just parse out those IPs from whatever log that they send you?

And how much time would processing say 50 individual emails take compared to 50 IPs in a single email?

--srs

On 22-Sep-2016, at 6:58 PM, Brian Rak <brak@gameservers.com> wrote:

We've also started ignoring their abuse emails, for the same reason. Their abuse emails at one point contained the line:

> P.S. If you would prefer an individual email for each IP address on this list, please let us know.

But, they didn't respond after we contacted them requesting it (and that line has since been removed).
Re: PlayStationNetwork blocking of CGNAT public addresses [ In reply to ]
On Mon, Sep 19, 2016 at 09:55:56PM +0200, Florian Weimer wrote:
> Github users create several orders of magnitude more SSH connections
> [snip]

Ah. I didn't know that. Thanks!

> Sure, and people already do this, and are not very flexible about it.
> Support staff isn't briefed, and claim they do such stochastic
> behavior adjustment across all (server) products, which I find
> difficult to believe.

You're right: those are serious drawbacks. If folks are going to do
this, then they need to do it right, which means making sure everyone
is in the loop and making sure that support staff are clueful/diligent
enough to investigate -- or at least hand off to someone who'll investigate.
This stuff works but only if you're adaptive/flexible and willing to
learn and adjust on an ongoing basis.

> I'm worried that this leads to a future where tunnelling everything
> over HTTP(S) is no longer sufficient. You have to make it look like a
> web server or browser, too. Everything else risks triggering
> automated countermeasures.

And as someone who constantly beats the "Internet != web" drum,
I second this. Marginalizing other protocols doesn't serve us well
in short term (it breaks things) or the long term (it stifles innovation).

---rsk
Re: PlayStationNetwork blocking of CGNAT public addresses [ In reply to ]
On Thu, Sep 22, 2016 at 02:31:12PM +0200, Alexander Maassen wrote:
> Maybe it's time then for a globally accepted, unified way to send/report abuse???

There are -- see Valdis's followup.

But there's still no viable substitute for a working abuse@ address
with clueful eyeballs on the other side of it. Every responsible and
professional operation on this planet has that. The really good
ones learn from what shows up there and pro-actively deal with abuse
issues before anyone else is bothered by them, which not only makes
them better netizens but reduces the volume of incoming complaints.

---rsk
