Thursday, April 29, 2021

Internet Service Providers - How do you handle "Internet Abuse" notifications?

Hi fellow ISP employees -

How do you handle those "internet abuse" auto-generated emails you may get from time to time? For example, we'll get an e-mail to our registered abuse POC email address like this:

" One of your clients using the IP: A.B.C.D, which is according to whois allocated to you, has abused/attacked one of our server:
foo.bar.foo - IPv4: W.X.Y.Z

Service: "portscan"
Time: Thu, 29 Apr 2021 10:00:00 +0200"

We're considering coming up with a policy that allows for "1 strike" for the customer that has the IP address at the time of the "abuse." We would simply contact the customer and share the information we received in the abuse e-mail "as-is" and tell them to knock it off and remind them of our terms and conditions. If it happens again, we'd consider suspension or cancelation of service.

But the rabbit hole can go real deep real quick when we start looking too long at these issues, and we don't want to create more work for anybody so we'd like to keep the process simple. Just curious as to how others may handle these situations.

TIA


