Re: Quarantine your infected users spreading malware
From: Michael Loftis <mloftis () wgops com>
Date: Thu, 23 Feb 2006 15:01:17 -0600
--On February 23, 2006 9:09:26 PM +0200 Gadi Evron <ge () linuxbox org> wrote:
> I don't really see how any ISP will terminate an account for just one
> complaint, after all, it's losing money..
> We have seen a few good examples of pretty big ISPs who said here how
> quarantine works for them.
> Got an example on how ISPs are kicking users out?
Speakeasy suspended my service for a week over a single report from
someone. The mail never even travelled through or via any of my systems,
the header bit that was called in was forged. It took a week to get them
to give me the information they'd gotten in complaint. There was a forged
Received header (completely fabricated, including the 'Qostfix' MTA) and
also a forged HELO or EHLO of a non-existent host when it actually relayed
it off onto someone else's MTA.
I can't remember the exact ISP...might've been RoadRunner or TW in Toronto,
but a friend had her DSL or CableModem suspended, ended up changing
providers. There was an infection, it was cleaned, they were allowed back
on, then the ISP either received an old/backlogged complaint or something
and they cut them off again, but the machines were all clean (indeed
watching the network for traffic over several days revealed nothing that
they claimed to be the problem).
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler