[unisog] Notifying ISP of virus spreading computers
flynngn at jmu.edu
Fri Jun 27 13:38:10 GMT 2003
Daniel Adinolfi wrote:
> Cornell University will send a notice to the ISP for each complaint we
> receive regarding viruses that are trying to propagate on our campus,
> email-based or not.
Do you only respond to complaints or actively check logs and respond
to all viruses?
I went through the logs yesterday and from midnight until 3:30 PM
we received 1518 virus infected messages from 504 unique IP addresses.
Of course, without sobig-e it would have been less than half of that
but that would still require substantial labor to get an abuse
address and generate complaint emails for each infection. I haven't
figured out a way to automate it because of the inconsistency of
the IP registration information and because the couple whois servers
I checked seem to timeout if I try to access them too frequently.
In fact, the default verisign registry responds with a message saying
that automated lookups are specifically banned.
Security Engineer - Technical Services
James Madison University
More information about the unisog