[unisog] Notifying ISP of virus spreading computers
Cam Beasley, ISO
cam at austin.utexas.edu
Fri Jun 27 13:39:37 GMT 2003

We've not had any luck with large ISPs (e.g. RR.com), but we do
send loads of semi-automated notices to .EDUs|.MILs|.GOVs|.STATEs
that are typically taken care of tout de suite and are followed
up with some response, either from a humanoid or automated mailer.
Smaller ISPs do tend to be more responsive, but also tend to
need more hand holding through the remediation process.

ITS/Information Security Office
The University of Texas at Austin

%>From: Gary Flynn [mailto:flynngn at jmu.edu]
%>Sent: Thursday, 26 June, 2003 14:13
%>To: unisog at sans.org
%>Subject: [unisog] Notifying ISP of virus spreading computers
%>How many of you take the time to notify ISPs of computers
%>on their networks that are infected with viruses and that
%>are sending spoofed, infected messages?
%>Do you have it automated?
%>I've manually sent complaints to ISPs when a particular IP
%>address shows up repeatedly in our logs sending Klez
%>and now sobig-e but have never received a response.
%>Anyone know if operating a virus infected computer
%>is treated as inappropriate use by commercial ISPs?
%>Security Engineer - Technical Services
%>James Madison University