Home page logo
/

nanog logo nanog mailing list archives

Re: Dealing with infected users (Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting
From: Mike Tancsa <mike () sentex net>
Date: Thu, 28 Aug 2003 17:29:18 -0400


At 01:57 PM 28/08/2003 -0700, Dan Hollis wrote:
On Thu, 28 Aug 2003, Mike Tancsa wrote:
> The majority comply and are understanding.

and the rest?

There will always be troublesome customers, but the VAST majority have been compliant. If they dont want to comply to something as reasonable as this, they will go to my competitors who will then have to deal with the flood of abuse hate mail (I am calling the FBI if you dont fix this), retaliatory attacks, black listings etc etc... i.e. they will become a headache for my competitors.

Other sites who are large and dont necessarily have the resources to immediately find and kill the offending host (with sobig.f the headers will often show the NETBIOS name of the sending machine so its not THAT hard to find), we will add local rules to contain them for now until they have their IT consultants clean it up.

But like I said before, give your CSRs a script. Explain to the customer how this is in their best interest... Most people are reasonable. We have all talked to people who say things like, "I have had 10 different ISPs and none have made me do something like this! I demand.......".... remember to ask yourself, why have they gone through 10 different ISPs .....

---Mike

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault