[unisog] cornell.edu blog being used for spam - and now virginia.edu as well
Brian Eckman
eckman at umn.edu
Wed Nov 28 22:29:28 GMT 2007
John H. Robinson, IV wrote:
> Wes Young wrote:
>> Frank Bulk wrote:
>>> Ok, 12 hours have passed since I contacted the security and abuse addresses
>>> at a larger university regarding a spamming incident, with no response or
>>> even confirmation.
>>>
>>> Is posting the school's name in unisog now fair game? ;)
>> How would anyone benefit from that?
>
> To know that if any of us need to contact that school regarding a
> security event that extraordinary measures will need to be taken.
That's not fair. Contacting the security and abuse addresses about a
"spamming incident" basically amounts to chump change of incident
handling. On more than one occasion I've waited longer than 12 hours to
get the default autoreply from massive providers such as Yahoo! when
reporting spam. (Oops, now there I go airing dirty laundry.)
Yes, it needs to be dealt with, and yes, a computer sending spam
*usually* indicates a larger problem (infection, compromise,
untrustworthy user, etc.), but when a computer that potentially has a
100 Mbps or faster Internet connection is used to send Spam for more
than a few minutes, how many complaints do you think come in for it? Is
it really fair to expect a response? Should all 10, 100, 1,000, etc.
folks who complain each expect a response?
If it were a case where a computer was used to launch attacks against
you, and continued to do so 12 hours after you reported it, then it
might signify that "extraordinary measures will need to be taken". Heck,
I don't bother keeping track of whether or not someone replies to my
Spam complaints.
Brian
--
Brian Eckman, Security Analyst
University of Minnesota
Office of Information Technology
Security & Assurance
More information about the unisog
mailing list