Re: Scaled Back Cybersecuruty

[Bryan Bradsby <Bryan.Bradsby () capnet state tx us>]

> One problem with notifications typically (that I've seen) is that there is
> no one to notify...

We tried notifications to the netblock owner for every incident that
exceeded a reasonable threshold. [1]

It takes a lot of time to find netblock owners. Even after investing
self to try to make the net a better place, the satisfactory response rate
is very small.

> there may be an email address, but most likely that's not even
> watched/read/responded-to/reacted-upon.

ditto.

> recieve less than 1 in 3K responses :(

We may not have time to answer each of the mechanized notifications, but
we process and respond to each incident. If only every ISP did at least
that.

> To start fixing this problem every ISP really needs some security folks
> dedicated to customer security issues...

I am the point of contact for the net in the sig below. We take all
network abuse notifications seriously, and follow up with our customers.

I am not hard to find.

whois -h whois.arin.net bb122-arin

> Hopefully, once there are security folks at all ISP's the ISP's will be
> able to speak intelligently and civily to each other to cooperate and
> contain problems.

Amen.

At your service,
-bryan bradsby

Texas State Government Net
me:  512-936-2248
NOC: 512-475-2432  877-472-4848
--
If all the world's a stage, I want to operate the trap door.
                -- Paul Beatty

[1] (see: "Firewall Seen" by Robert Graham)
     http://www.robertgraham.com/pubs/firewall-seen.html