North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: How do you handle client contact for network abuse/malware compaints etc.?

  • From: Chris Kuethe
  • Date: Wed Mar 01 18:12:42 2006
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=k+MenNByjNiXbQEbgJO+qAZR8JWXUpnfiOWY2eRz+u3xOmOm2rPgCTAmhOg1XLEPSOXLYGPp8mRMDivnPwzXEOiFEldJuxCfia++zuS4tKabWP32ewjf4ASdPsRYQ3bMeGtvLiU7QDFLlfA/FF/IullFdpYsZVHMcjqpqG7YY+g=
On 3/1/06, Nicole Harrington <[email protected]> wrote:
...
>  In short, how much information do you pass on to support yourself and when.

We've found that a simple "we've received complaints about you and
your machine. Go here (symantec, fsecure, windowsupdate, etc) and
patch your machine."  works pretty well. By and large, everyone
replies back with "yeah, I was missing X, Y, and Z patches" or "I
found such-and-such virus and disinfected it".

Maybe one in a few thousand asks for logs. When the user asks for
logs, we're pretty forthcoming with them. They might just have the
same info in their windows/norton/whatever logs already.

In short, we tell them they have a problem, give them the tools to fix
it, and if asked will show them the complaint, but usually that buck
stops with us.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?