IIALP - Abuse Logging Protocol

George Davey sent us a press release about abuselog.org, a site for the development of a generalized protocol for logging internet annoyances and abuses to a set of central servers, which could then be queried to find out which IPs are luserish.

Re:that's cool!

[strictnein]

Am I missing something? There seems to be absolutely nothing interesting to even look at for this site.

Web site for the Iowa Internet Annoyance Logging Protocol (IIALP) Working Group.
IIALP is pronounced: E'-alp.

A copy of the current IETF "Internet-Draft" which represents a work in progress for IIALP is here:
http://www.ietf.org/internet-drafts/draft-davey-ii alp-01.txt

RTF versions of all the internet-draft work in progress revisions are here::
http://www.abuselog.org/Documents/00/draft-davey-i ialp-00.rtf
http://www.abuselog.org/Documents/00/draft-davey-i ialp-01.rtf

Next Revision Peak Ahead:
Working on the sample templates and template root structure

Your comments are welcome, please email your comments to the email address shown below:
Make sure to include IIALP first in the subject line followed by the actual subject.

Re:DHCP and MAC

[Feyr]

how about the fact that you can't see the MAC address past the first hop? or the other that MAC addresses aren't (and don't need to be) garanteed to be globally unique?

Re:DHCP and MAC

[ak_hepcat]

Your MAC address can be spoofed.

It's also only 'guaranteed' unique on the local broadcast segment. In quotes, because somebody could spoof yours and receive all your traffic.

Sure, you could log it. It's just not as secure an identifier as you think it is.

Re:DHCP and MAC

[Guus.der.Kinderen]

In any case, your DHCP assigned IP will be extracted from the same pool of IP's. If tracked, this project might at least pinpoint service providers that don't do enough to prevent abuse.

Re:That list'll get long quick

yes, I have it too. wtf is that?

Looks like script kitties and/or worms that are running a known buffer-overflow to me.

Re:I hope

[Ayaress]

My DSL company did something simmilar to me, although it was pure dumbass, and not malice on anybody's part. I'm on a dynamic IP system, so every time I disconnect and then reconnect, I have a different IP. Never causes much problem, since I don't do anything at home that would require me to have a static IP. Anyway, the local police made a big bust on a guy selling child pornography on a webserver in the back room of his office (the guy's a pediatrician). The police got a good couple hundred IP addresses from logs. Most of them were out of their jurisdiction, so they sent them on to somebody else. But a half-dozen or so were right here in town. They go to the ISPs, and try to get the names of the users behind said IPs. My ISP was more than happy to cooperate on something like this, so they had somebody look up the logs and figure out who had such-and-such address at the time stated (it was something like 4 AM on a Teusday). Anyway, it comes up with my name. I had some pretty awkward conversations with police, neighbors, parents, etc for a while until I get a call one day. The dumbass ISP must have entered the wrong search query or something, because as it turned out, that was my IP at 4AM on a Teusday - just a month earlier.

Re:That list'll get long quick

[mr_rarr]

yes i was also getting this. It's nothing to worry about if you're not using windows. It's the IIS WebDAV exploit.

I added this in my httpd.conf just for fun ...

RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com

SPAM is a trademark of Hormel

[alanxyzzy]

SPAM in all upper case is a trademake of Hormel, and refers to their pork luncheon meat product. They request that when the term is used to refer to unsolicited bulk e-mail, it is not capitalised.

IIALP allows for an infinite number of different types of annoyances to exist but has concise templates for common annoyances such as SPAM.

One cannot take entirely seriously anyone proposing a new method of fighting net-abuse, who is not aware of this fact.