[61438] in North American Network Operators' Group
Re: Dealing with infected users (Re: ICMP traffic increasing
daemon@ATHENA.MIT.EDU (Mike Tancsa)
Thu Aug 28 17:27:50 2003
Date: Thu, 28 Aug 2003 17:29:18 -0400
To: Dan Hollis <goemon@anime.net>
From: Mike Tancsa <mike@sentex.net>
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0308281356480.27796-100000@sasami.anime.net>
Errors-To: owner-nanog-outgoing@merit.edu
At 01:57 PM 28/08/2003 -0700, Dan Hollis wrote:
>On Thu, 28 Aug 2003, Mike Tancsa wrote:
> > The majority comply and are understanding.
>
>and the rest?
There will always be troublesome customers, but the VAST majority have been
compliant. If they dont want to comply to something as reasonable as this,
they will go to my competitors who will then have to deal with the flood of
abuse hate mail (I am calling the FBI if you dont fix this), retaliatory
attacks, black listings etc etc... i.e. they will become a headache for my
competitors.
Other sites who are large and dont necessarily have the resources to
immediately find and kill the offending host (with sobig.f the headers will
often show the NETBIOS name of the sending machine so its not THAT hard to
find), we will add local rules to contain them for now until they have
their IT consultants clean it up.
But like I said before, give your CSRs a script. Explain to the customer
how this is in their best interest... Most people are reasonable. We have
all talked to people who say things like, "I have had 10 different ISPs and
none have made me do something like this! I demand.......".... remember to
ask yourself, why have they gone through 10 different ISPs .....
---Mike
