Damian Menscher wrote:
On Wed, 9 Jun 2004, Tris Forster wrote:
With a ridiculous number of Somefools arriving at our server daily I was trying to think of a proactive way to deal with them.
One possible solution I came up with was sending winpopups to the offending IP informing them that they are infected (there's a pretty good chance they'll get through as the infected machine is most likely not firewalled).
While the aim of doing this may be completely honourable, sending
winpopups to a non-firewalled machine stinks of spamming and thus I am
in two minds about putting it into practice.
We recently had our mailserver being repeatedly hit with virus traffic, which logs showed was coming mostly from a single IP. I contacted their ISP, and they really didn't care. So I sent a few popups to them, spaced several hours apart (so as not to be a nuisance) and the machine stopped its virus traffic in about 2 days.
Automating this would be nice, but I didn't ever bother. Hard to imagine it breaking anything, though. And as long as it's sent in response to an attack (they punched you first!) and doesn't advertise anything, I don't think anyone could complain.
Damian Menscher
There's really no good way to handle this.
We've been sending emails for 2 solid months to Road Runner giving everything but the kitchen sink, and they are yet to do anything (you'd think they'd at least contact their user(s) and inform them that their systems are infected). While we have thought about creating a pop-up on the offending machine, we opted not to due to potential legal issues (it is considered a hack and thus could be illegal).
At this point we are looking at 2 options.
1) Block offending IPs as they occur. -- Effective, but could be aggravating to potential customers.
2) Warn the ISP in question that if something isn't done soon, you're going to post their non-action along with email transcripts to the news media, who have taken the position in the past that ISPs should be taking measures to keep the Internet (users) safe. -- Could be effective as well as ineffective.
:( There's no easy way around this issue, so I guess what I'm trying to say is, if a solution works for you, go for it.
