nanog mailing list archives
Dealing with infected users (Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting
From: Mike Tancsa <mike () sentex net>
Date: Thu, 28 Aug 2003 16:01:42 -0400
We have been doing that. During quiet times our Customer Service Reps (CSR) are calling infected users telling them
a) Their computer has been compromised. In its current state it can potentially be taken over by others or other users can look at the contents of their private files etc. b) It is currently interfering with other users connections. Particularly our DSL users can blast out at a fast enough rate to hamper dialup users.
If the user is not home (often broadband users leave their computers on) the CSRs leave a message stating the customer can call in any time they like and they will be reactivated. Once doing so, they need to clean their machine ASAP-- there are several FREE point and click tools now.
The majority comply and are understanding. I think the key is to emphasize that its in their best interest and that we did it for THEIR protection (i.e. someone can potentially take over your machine,look at your private files, delete things etc etc). Also emphasize that they need to be a responsible Internet participant -- e.g. how would they like it if another user was hampering their connection because that other user had a virus and we didnt get them to clean it up. Give your CSRs a script or talking points to follow and it should be smooth for the most part.
---Mike At 12:42 PM 28/08/2003 -0700, Dan Hollis wrote:
On Thu, 28 Aug 2003, Rachael Treu wrote: > Facing facts, people are _not_ patching their stuff, in spite of pervasive > pleas and warnings from vendors and media geeks. There need to be more serious consequences for not patching. Like, having their ports turned down until they decide that patching might not be such a bad idea after all. -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
Current thread:
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?), (continued)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Jared Mauch (Aug 28)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Robert Boyle (Aug 28)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Paul Vixie (Aug 28)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Alex Rubenstein (Aug 28)
- Message not available
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Robert Boyle (Aug 28)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Steve Carter (Aug 28)
- ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Sean Donelan (Aug 28)
- Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Steve Carter (Aug 28)
- Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Rachael Treu (Aug 28)
- Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Dan Hollis (Aug 28)
- Dealing with infected users (Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Mike Tancsa (Aug 28)
- Re: Dealing with infected users (Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Dan Hollis (Aug 28)
- Re: Dealing with infected users (Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Mike Tancsa (Aug 28)
- Re: Dealing with infected users (Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Vadim Antonov (Aug 28)
- Re: Dealing with infected users (Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Petri Helenius (Aug 28)
- Re: Dealing with infected users (Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Omachonu Ogali (Aug 29)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Lars Erik Gullerud (Aug 28)