[unisog] Notifying ISP of virus spreading computers

Gary Flynn flynngn at jmu.edu
Fri Jun 27 13:38:10 GMT 2003



Daniel Adinolfi wrote:

> Cornell University will send a notice to the ISP for each complaint we 
> receive regarding viruses that are trying to propagate on our campus, 
> email-based or not. 

Followup question:

Do you only respond to complaints or actively check logs and respond
to all viruses?

I went through the logs yesterday and from midnight until 3:30 PM
we received 1518 virus infected messages from 504 unique IP addresses.
Of course, without sobig-e it would have been less than half of that
but that would still require substantial labor to get an abuse
address and generate complaint emails for each infection. I haven't
figured out a way to automate it because of the inconsistency of
the IP registration information and because the couple whois servers
I checked seem to timeout if I try to access them too frequently.
In fact, the default verisign registry responds with a message saying
that automated lookups are specifically banned.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe



More information about the unisog mailing list