Netabuse started in 2012 as a hobby project and is nowadays maintained by a team of volunteers.
All network abuse on our network is automatically indexed in a central database. Aggregated reports per IP-address are emailed at least one a day to the originating networks's abuse contact in X-ARF format. If the number of incidents form a subnet is too high, the subnet will be added to the firewall automatically.
The system analyses logfiles from several applications to detect abuse and add it to the database.
The system searched the abuse-contect for the offending IP-address sends an X-ARF email. If the email is handled by a ticketing system, the ticket-ID will be detected and linked to our report. New reports will be added to the same ticket.
When too much abuse from a subnet is detected, a firewall rule for blocking traffic from the subnet will be created and activated automatically. The rule will be removed a few days after the abuse has stopped.
If you have any questions about the software, managing abuse in your network or anything else, please do not hesitate to use the contact form. Normally your question will be answered in 24 hours.