[unisog] Notifying ISP of virus spreading computers

Cam Beasley, ISO cam at austin.utexas.edu
Fri Jun 27 13:39:37 GMT 2003


Gary --

We've not had any luck with large ISPs (e.g. RR.com), but we do
send loads of semi-automated notices to .EDUs|.MILs|.GOVs|.STATEs
that are typically taken care of tout de suite and are followed
up with some response, either from a humanoid or automated mailer.

Smaller ISPs do tend to be more responsive, but also tend to 
need more hand holding through the remediation process.. 

~cam.

Cam Beasley
ITS/Information Security Office    
The University of Texas at Austin        
512.475.9242
                  

%>-----Original Message-----
%>From: Gary Flynn [mailto:flynngn at jmu.edu] 
%>Sent: Thursday, 26 June, 2003 14:13
%>To: unisog at sans.org
%>Subject: [unisog] Notifying ISP of virus spreading computers
%>
%>
%>
%>How many of you take the time to notify ISPs of computers
%>on their networks that are infected with viruses and that
%>are sending spoofed, infected messages?
%>
%>Do you have it automated?
%>
%>I've manually sent complaints to ISPs when a particular IP
%>address shows up repeatedly in our logs sending Klez
%>and now sobig-e but have never received a response.
%>
%>Anyone know if operating a virus infected computer
%>is treated as inappropriate use by commercial ISPs?
%>
%>-- 
%>Gary Flynn
%>Security Engineer - Technical Services
%>James Madison University
%>
%>
%>



More information about the unisog mailing list