> It looks like you get the proper IP of the offending machine firing off
> these worms in the header (even though everything else is forged).
>
> Is there any point in telling [EMAIL PROTECTED] that one of their DSL
> customers is spamming the Internet with noxious messages? Anyone have any
> experience regarding these warnings being responded to properly?

http://www.mynetwatchman.com has agents that will auto-report to a central DB when worms/@MM's, etc. are noticed hitting your firewall. If enough diverse targets are hit from the same IP, there's an auto-escalating function on the site that will send a letter along with stats to the [EMAIL PROTECTED]. Some ISPs still ignore it, but it's a good way to get your voice heard instead of just being noise.

> I know you can often get educational and small business sys admins to take
> care of the problem (and often they're thankful of the warning), but I
> wonder if it's worth the effort to notify the big guys.

Unfortunately, never as effective as we'd hope, but in the right fashion, we can be heard.

> If so, has anyone hacked together anything semi-automated to deal with
> this which doesn't produce unnecessary spam in cases where the real IP is
> masked?

Not sure what can be done when the real IP is masked from an e-mail point of view. You'd need router logs to determine source IPs, and depending on your upstream provider, the backtrace could get interesting.

HTH,
Seth

_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
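
An added example, not part of the original thread: one way to decide whether a worm mail carries a source IP worth reporting, trusting only the Received header written by your own mail server and giving up when that hop shows an internal address (the masked case). The function name, the trusted host name mx.example.org and the sample messages are assumptions made for the illustration.

```python
import email
import ipaddress
import re

# "from <helo> (<rdns> [<ip>]) ... by <host>", the shape common MTAs write.
RECEIVED_RE = re.compile(
    r"from\s+.*?\[(?P<ip>[0-9a-fA-F:.]+)\].*?\bby\s+(?P<by>[\w.-]+)", re.S)
# Sources that identify nobody outside: RFC 1918, loopback, link-local.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def reportable_source(raw_message, trusted_hosts):
    """Return the connecting IP recorded by our own MTA, or None if masked."""
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):   # newest hop first
        m = RECEIVED_RE.search(header)
        # Stop at the first hop not written by a host we run: everything
        # from there down was supplied by the sender and may be forged.
        if not m or m.group("by").lower() not in trusted_hosts:
            return None
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            return None
        if not any(ip in net for net in INTERNAL):
            return str(ip)
        # Internal relay between our own hosts: look one hop further down.
    return None

# Constructed samples (documentation addresses and example domains).
SAMPLE_DIRECT = (
    "Received: from dsl.example.net (dsl.example.net [203.0.113.45])\n"
    "\tby mx.example.org (Postfix) with ESMTP; Thu, 1 Jan 2004 00:00:00 +0000\n"
    "Received: from mail.example.com ([198.51.100.9]) by relay.example.com;\n"
    "\tThu, 1 Jan 2004 00:00:00 +0000\n"
    "From: forged@example.com\nSubject: constructed sample\n\nbody\n")
SAMPLE_MASKED = (
    "Received: from gw.example.org (gw.example.org [10.0.0.5])\n"
    "\tby mx.example.org (Postfix) with ESMTP; Thu, 1 Jan 2004 00:00:00 +0000\n"
    "Received: from unknown ([203.0.113.45]) by gw.other.example;\n"
    "\tThu, 1 Jan 2004 00:00:00 +0000\n"
    "From: forged@example.com\nSubject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("direct", SAMPLE_DIRECT), ("masked", SAMPLE_MASKED)):
        print(name, reportable_source(raw, {"mx.example.org"}))
```

A None result means no complaint should be generated from the mail alone; router or firewall logs are then the only source for the address.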