North American Network Operators Group
Re: Quarantine your infected users spreading malware
--On February 23, 2006 9:09:26 PM +0200 Gadi Evron <firstname.lastname@example.org> wrote:
Speakeasy suspended my service for a week over a single report from someone. The mail never even travelled through or via any of my systems, the header bit that was called in was forged. It took a week to get them to give me the information they'd gotten in complaint. There was a forged Received header (completely fabricated, including the 'Qostfix' MTA) and also a forged HELO or EHLO of a non-existent host when it actually relayed it off onto someone else's MTA.

I don't really see how any ISP will terminate an account for just one complaint, after all, it's losing money. We have seen a few good examples of pretty big ISPs who said here how quarantine works for them. Got an example on how ISPs are kicking users out?
I can't remember the exact ISP... might've been RoadRunner or TW in Toronto, but a friend had her DSL or CableModem suspended, ended up changing providers. There was an infection, it was cleaned, they were allowed back on, then the ISP either received an old/backlogged complaint or something and they cut them off again, but the machines were all clean (indeed watching the network for traffic over several days revealed nothing that they claimed to be the problem).
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler