nicejerk Posted May 30, 2004 Share Posted May 30, 2004 I do not know elsewhere to look for answers, so if any of you could help me with the following: For 2 weeks, we were receiving 30-50 e-mails a day from *.*.*.*, containing the sober.g worm. After 10 days, I complained to the ISP, because I was getting concerned, both for the spoofing and perhaps vulnerable clients. Two days later, I followed up on that complaint, because I could see the IP # had changed (user reconnected) and we were still getting same amount of mail, containing the virus from this one user. I was informed, that because of "client policy" the ISP could not give me any information about the client, but said the ISP had issued a warning and disconnected the client. BUT, the ISP only disconnected the client (maybe for a second or so), so the client could reconnect, with a different IP #, and propably "hoping" this problem would "disappear". That of course didn't happen. I was getting mad, because this user was sending spoofed mail, pretending to be sent from us, and thereby damaging our "fine reputation" and only generating traffic on servers. Finally this morning, after reading through lots of mail addresses, I thought I had narrowed the problem down to a specific customer of ours, and luckily I was right. I could inform the user, that he was causing damage, not only to us but to everyone else listed in his mail database. He promised to fix this (I'll give him time until Monday). I am only glad that I found the root of the problem, but the ISP did not do anything to help solving this (except disconnecting the abuser twice, maybe for totally 2 seconds). I think it is very irresponsible way the ISP reacted. 1. I wonder, if this could have continiued forever, if I would not have found the abuser by myself? What are my options? 2. Is there no obligation the ISP has, regarding stopping spam and virus distribution? I sincerely hope anyone of you could advise me on this (common practice, accepted practice). Best regards, nicejerk Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.