My Motivation for creating this project.
The project proposal was highly influenced by my personal experience of
- having created a small (wireless) ISP and
- by having worked at a national CERT (Computer Emergency Response Team) for many years.
Working at the latter, I came to the insight that most small ISPs / network operators do not invest a lot into automatic abuse handling. In fact, in many cases it is seen as a side-duty or unwanted costs. Which is, of course, totally understandable and a valid business position. After all, network abuse is an unwanted side-effect of running networks and abuse reports only cost time and money to solve. They do not generate profit. The second insight was, that medium or larger ISPs/network operators often already have tools and automation in place to handle abuse reports. It’s the long tail of small ISPs which does not fully (yet).
This project aims at bringing the best of breed open source technology as a turn-key package to the "long tail" networks to plug into their customer contacts database (CRM) system on the one side and to the global feeds of threat intelligence and scanning alerts (such as shadowserver.org). Automate the incident response (IR), improve network hygiene!
Funding
Funding for this project was graciously provided by the RIPE CPF.