I would make that whole thing about 1/3 the length, and not put a sales pitch in the same email as a "You are in violation of AUP" stuff.
On Wed, Apr 27, 2016 at 10:46 PM, That One Guy /sarcasm < [email protected]> wrote: > is it too obvious this is a sales pitch for a managed Fortigate? > > Since installation of your internet service, we, as an Internet Service > Provider, have received an abnormal number of reports of abusive activity > emanating from your service connection. The complaints are primarily spam > emails and "brute force" attempts to penetrate multiple secured networks. > In all likelihood there are one or more devices behind your router that > have been victimized by malware in one form or another. If you are offering > public access to the internet via your internet connection, while > technically a violation of our Acceptable use policy, we tend to give a > good deal of leniency to businesses such as yours, up until the point we > begin to continually receive complaints associated with your connection. > However, given the nature of the complaints tied to your IP address (the > publicly visible identifier of your connection) we do have to address this > issue, as the volume of the reports at this point has exceeded a threshold > that we are able to ignore. Eventually this will result in our public > reputation as a service provider being one that allows malicious, and > potentially illegal activity from our customer base, this can result in all > our customers experiencing issues with things such as undeliverable emails > and restricted access to common internet destinations. > We prefer to not have to enforce our Acceptable Use Policies and a > component of out Terms of Service that we require all our customers to > agree to as part of our service contract, however, at this point we must > resolve the current issue to avoid this. > We request that you review your internal network, for any devices that may > be housing malicious software. We recommend at minimum, utilizing programs > such as Malware bytes AntiMalware as well as any of the multitude of > commercially available Antivirus Solutions. We do also recommend the > implementation of a quality hardware Unified Threat Management (UTM) > solution to manage all traffic from your connection. We primarily utilize a > Fortigate brand solution, but there are many other cost effective hardware > firewall solutions that off a Quality UTM product. > Please address this issue at your earliest convenience. As prior stated, > we do prefer to not have to enforce the components of our Terms of Service > that all our customers agree to, but we have reached an impasse due to the > high volume of complaints we have received regarding your connection. If > you have any questions regarding this matter, feel free to communicate with > us directly via our customer portal or by utilizing our customer service > solutions available via telephone during normal business hours > > On Thu, Apr 28, 2016 at 12:20 AM, That One Guy /sarcasm < > [email protected]> wrote: > >> yeah, its a bar. >> >> On Wed, Apr 27, 2016 at 10:32 PM, Ken Hohhof <[email protected]> wrote: >> >>> Did the OP state the customer was a bar? I missed that. >>> >>> >>> *From:* Eric Kuhnke <[email protected]> >>> *Sent:* Wednesday, April 27, 2016 10:19 PM >>> *To:* [email protected] >>> *Subject:* Re: [AFMUG] abuse reports on customer IPs >>> >>> It'll break basic functionality. At least in the Pacific Northwest I >>> haven't run into an open coffee shop wifi (Blenz, McDonalds, Starbucks, >>> Waves Coffee, and a dozen other competitors) that operates a default-deny >>> filter as you describe. In fact it's even possible to torrent through 95% >>> of them without connecting to my VPN. >>> >>> Even the fast food burger restaurants don't seem to have particularly >>> restrictive firewalls in place on their free wifi (Jack in the Box, Burger >>> King). >>> >>> If the bar owner referenced in the original wants to try to do that, >>> with their own firewall, they can certainly try... But it's not the ISP's >>> responsibility to configure the user's in-premises wifi/"last 20 meters" >>> connection to client devices. Define a hard demarc point at "This is the >>> 100BaseTX port to the WAN of your router, here is your ca5e cable, please >>> let us know if you see any packet loss or downtime". >>> >>> Unless you have some sort of managed services division that charges >>> extra and deals with the hassle of maintaining the end user's firewall/wifi. >>> >>> >>> >>> >>> On Wed, Apr 27, 2016 at 8:10 PM, Ken Hohhof <[email protected]> wrote: >>> >>>> If this is an open WiFi hotspot, why can’t you allow basic web >>>> browsing, POP/IMAP, and SMTP port 587 but not 25, and block everything >>>> else? >>>> >>>> I often find that at hotpots I can’t use telnet, SSH, Winbox, etc. >>>> Probably can’t connect to destination port 25 either. Heck, most regular >>>> ISPs block destination port 25. >>>> >>>> Open Internet should not apply to a coffee shop hotspot, I don’t think >>>> you are required to transport anything and everything in that situation. >>>> >>>> >>>> *From:* Eric Kuhnke <[email protected]> >>>> *Sent:* Wednesday, April 27, 2016 8:58 PM >>>> *To:* [email protected] >>>> *Subject:* Re: [AFMUG] abuse reports on customer IPs >>>> >>>> If it is a customer that operates a open public wifi AP like a coffee >>>> shop, bar, restaurant, there is not a lot that you can do. Customer won't >>>> stop running open wifi, people won't stop bringing in infected laptops. No >>>> way to find out who has the infected laptops/devices. >>>> >>>> One possible solution if sufficient ARIN IP space is available is to >>>> put all such customers in their own special swamp netblock as static >>>> assignments. Consider that block forever sullied. >>>> >>>> On Wed, Apr 27, 2016 at 6:54 PM, That One Guy /sarcasm < >>>> [email protected]> wrote: >>>> >>>>> I know its bad practice, I normally enjoy turning customers off, it >>>>> makes me feel godlike and powerful, alot of times when i get to shut one >>>>> off i go upstairs and drag mu woman from her bed by her hair to the >>>>> kitchen >>>>> to make me a sammich. but for whatever reason i like this customer >>>>> >>>>> On Wed, Apr 27, 2016 at 5:31 PM, Eric Kuhnke <[email protected]> >>>>> wrote: >>>>> >>>>>> Spam and botnet activity is far more harmful to the health of your >>>>>> network and the IP reputation of your netblocks than anything DMCA >>>>>> related. >>>>>> >>>>>> >>>>>> torrents and DMCA notifications don't hurt the network. Knowingly >>>>>> leaving something that is a repository of virii/worms/trojans online is >>>>>> just bad practice. >>>>>> >>>>>> >>>>>> On Wed, Apr 27, 2016 at 7:09 AM, That One Guy /sarcasm < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> We have a particular customer, We have been getting tons of abuse >>>>>>> reports on their static IP, I assume we will never be able to wash this >>>>>>> sullied IP clean. Theyre not really doing any harm to our network, or >>>>>>> impacting others on the network, they are in full breach of our TOS, >>>>>>> thats >>>>>>> for sure. suprisingly, its primarily spam and botnet activity, but no >>>>>>> DMCA. >>>>>>> >>>>>>> Is there any liability on us as an ISP to not address this >>>>>>> affirmatively with the customer. Im going to contact them, may offer a >>>>>>> leased fortigate UTM option. But if there isnt a resolution, other than >>>>>>> their static IP residing on every blacklist can we get nailed? >>>>>>> >>>>>>> Its a good customer, pays their bill on time, worked with us through >>>>>>> a service issue without the usual "gimme discounts and free shit or im >>>>>>> going elsewhere" I dont want to HAVE to disconnect them if im not >>>>>>> required >>>>>>> to and theyre not impacting others if they cant or wont resolve the >>>>>>> issues >>>>>>> >>>>>>> -- >>>>>>> If you only see yourself as part of the team but you don't see your >>>>>>> team as part of yourself you have already failed as part of the team. >>>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> If you only see yourself as part of the team but you don't see your >>>>> team as part of yourself you have already failed as part of the team. >>>>> >>>> >>>> >>> >>> >> >> >> >> -- >> If you only see yourself as part of the team but you don't see your team >> as part of yourself you have already failed as part of the team. >> > > > > -- > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. >
