[unisog] Notifying ISP of virus spreading computers
dra1 at cornell.edu
Fri Jun 27 12:53:48 GMT 2003
On Thursday, Jun 26, 2003, at 15:12 US/Eastern, Gary Flynn wrote:
> How many of you take the time to notify ISPs of computers
> on their networks that are infected with viruses and that
> are sending spoofed, infected messages?
Cornell University will send a notice to the ISP for each complaint we
receive regarding viruses that are trying to propagate on our campus,
email-based or not. It is helpful that we have a 24x7 Network
Operations Center staff to perform the basic triage necessary to decide
whether or not to send a message and to whom.
> Do you have it automated?
See above. This is currently a manual process. Most of our incident
response procedures are manual, though they are all scripted and use
form letters for consistency. This is true for DMCA notifications,
system compromises, scan/probes (which do have some automated
components, but that's another discussion), etc.
As far as responses to our complaints, we rarely receive anything but
an automated response. Of course, when we receive reports that we have
a computer that is propagating a virus, we usually only respond to the
complainant with a form letter (and work with the on-campus netadmins
and sysadmins to clean the infected computer, of course).
Daniel Adinolfi, CISSP
Senior Security Engineer, IT Security Office
Cornell University - Office of Information Technologies
email: dra1 at cornell.edu phone: 607-255-7657
More information about the unisog