130-abuseio-4.0-ripe71-aawg

Date: August 2018
Transcript

Open Source abuse management
by Erik Bais

Talking points
- The history of AbuseIO
- Why AbuseIO
- Features
- Deployment at A2B Internet
- Workflows
- Questions

History of AbuseIO
- In-house developed and deployed at BIT.NL by Bart Vrancken (@CrossWire)
- Spamcheck (Version 1.0 - 2009 - 2011)
- AbuseReporter (Version 2.0 - 2011 - 2014)
- Plans to open source AbuseReporter as AbuseIO (December 2014), quickly followed by support from Tilaa and Tele2
- First release of AbuseIO (Version 3.0 - April)
- Started the AbuseIO non-profit foundation (May)
- Development started on the next release (June)
- AbuseIO was granted a fund by SIDN Fonds (August)
- Public Benefit Organization for tax-deductible donations
- Next release planned for Q1/2016 (January/February)

Why AbuseIO
- Currently known software that has the same (or fewer) features is very expensive
- Freely available software is unnecessarily complex, time consuming and mostly used by CERTs, which have an entirely different scope than an ISP would have
- Smaller ISPs are still manually processing the data feeds, which causes unneeded delay until the abuse matter is resolved
- Most hosting companies with a small group of personnel don't have the time or resources to handle most of their abuse matters
- Most end-users WANT to fix the problem! However, they lack the expertise to solve it and the reporting ISP does not have the time to assist every end-user in resolving the matter
- Complementary to other projects, like the Abuse Information Exchange / AbuseHUB (NL)

Features AbuseIO-4.0
- Just as easy to install as WordPress
- Receive and process incoming abuse events
- Support for nearly all the Notifier feeds available
- Merge related events into a combined report
- Classify and prioritize reports
- Integrate with any IPAM or backend
- Send out near real-time notifications
- Direct IP and Domain owners to a self-help portal
- Hook to external scripts (actions, blackhole, quarantine, etc.)
- Archive and link to original evidence
- Works with IPv4 and IPv6 addresses
- For anyone to use, for FREE!

With AbuseIO providing the right tooling for free, the Internet providers, hosting companies, network operators and end-users will have no excuse anymore in letting abuse run wild in their networks.

Deployment at A2B Internet
- Saving a LOT of time handling abuse
- Processing for instance all the Shadowserver reports, all follow-ups by email manually … takes about 2 – 3 hrs if done manually.
- Uptime of abuse highly reduced
- Quicker insight on the tickets and quicker follow up.
- Good overview on abuse matters and the clients are responsible
- All information is in 1 system, including their contact mail address.
- We also monitor IP space of LIR customers not in our own network. (Rented IP space and Managed LIR customers)
- Very positive response from our customers for the system and the information provided through it.

Workflow – incoming events
- Notifier
- Sends an e-mail to [email protected]
- Notifier portal (HTTP, RSS, etc.)
- CLI / Local tools
- Beanstalk Queue
- Parser
- Collectors
- Events
- Parser

Workflow – handling events
- Events
- Validator
- Store evidence
- Find IP/Domain owner data
- Create/update tickets and link events

Screenshots

Workflow – outgoing reports
- Tickets
- New notification
- Update notification
- IP owner and/or Domain owner
- AbuseIO Self Help Portal (ASH)
- Interaction IP/Domain owner with Network owner

Screenshots

Questions?

More information
- Website: https://Abuse.IO
- IRC: #abuseio on FreeNode
- E-Mail: [email protected]
- Twitter: @AbuseIO

THANK YOU
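
The "handling events" workflow above (validate, find the IP owner, create or update tickets and link events), as an added example that is not AbuseIO's own code. The event field names, the IPAM table, and the merge key (IP plus classification) are assumptions, and all addresses are constructed documentation values.

```python
import ipaddress

# Constructed IPAM table (documentation prefixes): prefix -> owner contact.
IPAM = {
    "192.0.2.0/24": "customer-a@example.net",
    "192.0.2.128/25": "reseller-b@example.net",
    "2001:db8:10::/48": "customer-c@example.net",
}
# Constructed events as a parser might emit them; field names are assumptions.
SAMPLE_EVENTS = [
    {"ip": "192.0.2.200", "class": "open-resolver", "evidence_id": "ev-1"},
    {"ip": "192.0.2.200", "class": "open-resolver", "evidence_id": "ev-2"},
    {"ip": "2001:DB8:10:0::5", "class": "botnet", "evidence_id": "ev-3"},
    {"ip": "2001:db8:10::5", "class": "botnet", "evidence_id": "ev-4"},
    {"ip": "198.51.100.7", "class": "botnet", "evidence_id": "ev-5"},
    {"ip": "not-an-ip", "class": "spam", "evidence_id": "ev-6"},
]

def validate(event):
    """Return a normalised event, or None if it must be rejected."""
    try:
        ip = ipaddress.ip_address(str(event.get("ip", "")).strip())
    except ValueError:
        return None
    if not event.get("class") or not event.get("evidence_id"):
        return None  # no classification, or no link back to stored evidence
    return {**event, "ip": str(ip)}  # canonical text, so IPv6 spellings merge

def find_owner(ip):
    """Longest-prefix match against IPAM, for IPv4 and IPv6 alike."""
    addr = ipaddress.ip_address(ip)
    nets = {ipaddress.ip_network(p): owner for p, owner in IPAM.items()}
    hits = [n for n in nets if n.version == addr.version and addr in n]
    if not hits:
        return None
    return nets[max(hits, key=lambda n: n.prefixlen)]

def handle(events):
    """Validate, resolve the owner, then create or update one ticket per key."""
    tickets, rejected = {}, []
    for raw in events:
        ev = validate(raw)
        owner = find_owner(ev["ip"]) if ev else None
        if owner is None:
            rejected.append(raw)  # malformed, or outside the managed address space
            continue
        ticket = tickets.setdefault((ev["ip"], ev["class"]), {"owner": owner, "events": []})
        ticket["events"].append(ev["evidence_id"])  # link the event to its ticket
    return tickets, rejected
```

Normalising the address before building the merge key is what keeps two spellings of the same IPv6 address from opening two tickets for one host.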