[unisog] Notifying ISP of virus spreading computers

Daniel Adinolfi dra1 at cornell.edu
Fri Jun 27 12:53:48 GMT 2003


On Thursday, Jun 26, 2003, at 15:12 US/Eastern, Gary Flynn wrote:
> How many of you take the time to notify ISPs of computers
> on their networks that are infected with viruses and that
> are sending spoofed, infected messages?

Cornell University will send a notice to the ISP for each complaint we 
receive regarding viruses that are trying to propagate on our campus, 
email-based or not.  It is helpful that we have a 24x7 Network 
Operations Center staff to perform the basic triage necessary to decide 
whether or not to send a message and to whom.

> Do you have it automated?
See above.  This is currently a manual process.  Most of our incident 
response procedures are manual, though they are all scripted and use 
form letters for consistency.  This is true for DMCA notifications, 
system compromises, scan/probes (which do have some automated 
components, but that's another discussion), etc.

As far as responses to our complaints, we rarely receive anything but 
an automated response.  Of course, when we receive reports that we have 
a computer that is propagating a virus, we usually only respond to the 
complainant with a form letter (and work with the on-campus netadmins 
and sysadmins to clean the infected computer, of course).


Daniel Adinolfi, CISSP
Senior Security Engineer, IT Security Office
Cornell University - Office of Information Technologies
email: dra1 at cornell.edu	    phone: 607-255-7657
