Dealing with infected users (Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting
Mike Tancsa
mike at sentex.net
Thu Aug 28 21:29:18 UTC 2003
At 01:57 PM 28/08/2003 -0700, Dan Hollis wrote:
>On Thu, 28 Aug 2003, Mike Tancsa wrote:
> > The majority comply and are understanding.
>
>and the rest?
There will always be troublesome customers, but the VAST majority have been
compliant. If they dont want to comply to something as reasonable as this,
they will go to my competitors who will then have to deal with the flood of
abuse hate mail (I am calling the FBI if you dont fix this), retaliatory
attacks, black listings etc etc... i.e. they will become a headache for my
competitors.
Other sites who are large and dont necessarily have the resources to
immediately find and kill the offending host (with sobig.f the headers will
often show the NETBIOS name of the sending machine so its not THAT hard to
find), we will add local rules to contain them for now until they have
their IT consultants clean it up.
But like I said before, give your CSRs a script. Explain to the customer
how this is in their best interest... Most people are reasonable. We have
all talked to people who say things like, "I have had 10 different ISPs and
none have made me do something like this! I demand.......".... remember to
ask yourself, why have they gone through 10 different ISPs .....
---Mike
More information about the NANOG
mailing list