[rt-users] RTIR Blocks

Maxwell A. Rathbone mrathbone at sagonet.com
Thu Dec 3 12:39:00 EST 2009


Paul,

Why would you want to block an IP before a problem occurs? And how would 
you know that the IP is going to be problematic before a problem occurs?

We utilize RTIR for our Abuse handling. External sites email us to 
abuse at sagonet.com, which drops into RTIR's Incident Reports queue. From 
there, our Abuse Admins verify the issue, then proceed to open an 
Incident & Investigation (outbound ticket to our customer) 
simultaneously. If the customer does not correct the problem within ___ 
amount of time, our Abuse Admins will then open a Block, blocking the 
customer IP until they fix the issue.

It may just be how you are using it that causes you to feel the logic is 
flawed. As in my example above, it fits perfectly in the logical workflow.

Max

pjaramillo at kcp.com wrote:
> Has anyone modified RTIR to allow Blocks to be linked to Incident Reports 
> instead of Incidents? If so, how?
>
> I don't like the fact that I have to create an Incident Report and then 
> an Incident to create a Block. That logic is flawed. It assumes it takes 
> an actual incident to put a block in place, whereas you should want to be 
> proactive and block prior to an incident.
>
> Thanks,
> Paul J