What to do when an infected user is found?

I have recently found a spammer on my network…
Tried several times to delete the virus but it keeps coming back…
What procedures should a WISP practice when a spammer or virus is found behind a customer's PC?
What best practices can be done, and techniques to do it better?

I block port 25 on their cpe (or my ap)

If they want to send email they need to fix :)

Disable their authentication and bounce their connection so they are thrown off your network. Then wait for them to call, explain they get their connection back when they certify their PC has been cleaned up. Also explain that if they lie about their PC being cleaned up, the account is canceled permanently.

We “tarpit” their IP. The infected computer will sometimes crash.

We give them an urgent message to disconnect the problem computer from the network and have it fixed, or we will disconnect them. If they don’t act, we temporarily suspend their service until the problem can be fixed.

I prefer to push their packets to my SpamAssassin server.
So it would be very wise to let them know themselves that their PC is infected by viruses.

  • Rio.Martin -

I think this is the most logical solution. Two things you accomplish: solve your network problem, and educate the user to protect themselves against viruses. Might as well tell them to migrate to Linux or Apple by the way :)

Exactly, convert them to Apple or Linux. The money you will save from unused bandwidth because nobody knows how to use their PCs is big! :D

/Henrik

Sarcasm of course, but in reality a Windows user suffers from so many viruses and spyware that even installing all the latest antivirus programs on his PC will likely never help. A beginner user can never be underestimated. As Bruce Schneier says: The user’s going to pick dancing pigs over security every time.

I have disabled users' access to any SMTP on the internet. We have a local SMTP server and the only way to send email is to send it through the local server. This alone handles the spam problem, since spam software depends on sending email through external SMTP servers, which are not accessible.

In addition, our local mail server checks all email using SpamAssassin, blacklists and virus scanners, so even if spam or a virus is sent through the local server, it would likely be stopped on sight.

A combination of all these practices should make one very secure network environment!
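Once direct outbound SMTP is blocked and only the local mail server is allowed, as the posts above describe, the dropped port-25 attempts show which customer to contact. The following is an added example, not code from anyone in the thread: it reads firewall log lines and flags customers who tried many distinct external mail servers. The log format, the relay address `10.0.0.25` and the threshold are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Assumed values for illustration: the ISP's own relay and the alert threshold.
LOCAL_RELAY = "10.0.0.25"
MIN_DISTINCT_DESTS = 3

# Constructed log format: "<epoch> <src_ip> -> <dst_ip>:<dst_port> <action>"
LINE_RE = re.compile(r"^(\d+) (\S+) -> (\S+):(\d+) (\w+)$")

# Constructed sample data (documentation and private address ranges only).
SAMPLE_LOG = """\
1700000000 10.1.0.5 -> 10.0.0.25:25 accept
1700000001 10.1.0.7 -> 198.51.100.10:25 drop
1700000002 10.1.0.7 -> 198.51.100.11:25 drop
1700000003 10.1.0.7 -> 203.0.113.4:25 drop
1700000004 10.1.0.7 -> 203.0.113.9:25 drop
1700000005 10.1.0.9 -> 192.0.2.8:25 drop
1700000006 10.1.0.9 -> 192.0.2.8:443 accept
garbage line that should be ignored
1700000090 10.1.0.5 -> 10.0.0.25:25 accept
"""


def direct_smtp_offenders(log_text, relay=LOCAL_RELAY, min_dests=MIN_DISTINCT_DESTS):
    """Map each customer IP to the external SMTP servers it tried to reach.

    Only customers with at least `min_dests` distinct destinations are
    returned. One destination usually means a mail client pointed at an
    outside provider; many destinations look like a spam engine doing
    direct-to-MX delivery.
    """
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        _ts, src, dst, port, _action = m.groups()
        if port == "25" and dst != relay:
            dests[src].add(dst)
    return {src: sorted(d) for src, d in dests.items() if len(d) >= min_dests}


if __name__ == "__main__":
    for customer, servers in direct_smtp_offenders(SAMPLE_LOG).items():
        print(f"{customer}: {len(servers)} external SMTP destinations")
```

Counting distinct destinations rather than raw attempts keeps a customer whose mail client simply retries one outside server off the list.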