How do you handle client contact for network abuse/malware compaints etc.?

Nicole Harrington nmh at
Wed Mar 1 20:38:26 UTC 2006

As a sort of addendum to the thread of "Quarantine your infected users spreading
malware" I am curious how other handle contact to the users/clients for network
security incidents. 

 The question I have is; When someone reports an incident to you about
one of your clients (a user or server owner) possibly being infected, having
an owned box being used for hacking into other servers or being used to spread
 malware, how much information do you send/forward on to that user/client to
support your case.

 Is it normal practice to simply forward on unaltered logs sent in by those
complaining or do you sanitize them a bit to protect the people notifying you?
 Do you even send them at all at first or do you simply inform them that a 
complaint has been received.
 In short, how much information do you pass on to support yourself and when.


 Nicole Harrington

                     |\ __ /|   (`\            
                     | o_o  |__  ) )           
                    //      \\                 
  -  nmh at  -  Powered by FreeBSD  -
 "The term "daemons" is a Judeo-Christian pejorative.
 Such processes will now be known as "spiritual guides"
  - Politicaly Correct UNIX Page

More information about the NANOG mailing list