elkolo23
Frequent Visitor
Topic Author
Posts: 69
Joined: Mon May 28, 2007 9:30 pm

what to do when found infected user?

Sun Aug 26, 2007 9:45 am

I have recently found a spammer on my network...
Tried several times to delete the virus but it keeps coming back...
What procedures should a WISP practice when a spammer or virus is found behind a customer's PC?
What best practices can be done and techniques to do it better?
 
Equis
Forum Veteran
Posts: 888
Joined: Mon Jun 06, 2005 6:48 am

Re: what to do when found infected user?

Sun Aug 26, 2007 1:32 pm

I block port 25 on their CPE (or my AP).

If they want to send email they need to fix it :-)
 
UniKyrn
Member Candidate
Posts: 245
Joined: Fri Dec 24, 2004 9:27 pm
Location: Spokane, WA

Re: what to do when found infected user?

Sun Aug 26, 2007 11:33 pm

Disable their authentication and bounce their connection so they are thrown off your network. Then wait for them to call, explain they get their connection back when they certify their PC has been cleaned up. Also explain that if they lie about their PC being cleaned up, the account is canceled permanently.
 
GotNet
Member
Posts: 436
Joined: Fri May 28, 2004 7:52 pm
Location: Florida

Re: what to do when found infected user?

Mon Aug 27, 2007 12:21 am

We "tarpit" their IP. The infected computer will sometimes crash.
 
jp
Long time Member
Posts: 600
Joined: Wed Mar 02, 2005 5:06 am
Location: Maine

Re: what to do when found infected user?

Mon Aug 27, 2007 1:19 am

We give them an urgent message to disconnect the problem computer from the network and have it fixed, or we will disconnect them. If they don't act, we temporarily suspend their service until the problem can be fixed.
 
t3rm
Member Candidate
Posts: 143
Joined: Sat Aug 04, 2007 1:57 pm
Location: Bandung - WJ - Indonesia

Re: what to do when found infected user?

Mon Aug 27, 2007 5:55 pm

I prefer to push their packets to my SpamAssassin server.
So it would be very wise to let them know themselves that their PC is infected by viruses.

- Rio.Martin -
 
normis
MikroTik Support
Posts: 24383
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: what to do when found infected user?

Tue Aug 28, 2007 1:29 pm

> We give them an urgent message to disconnect the problem computer from the network and have it fixed, or we will disconnect them. If they don't act, we temporarily suspend their service until the problem can be fixed.

I think this is the most logical solution. Two things you accomplish - solve your network problem, and educate the user to protect themselves against viruses. Might as well tell them to migrate to Linux or Apple by the way :)
 
Diganet
Member
Posts: 349
Joined: Sun Oct 30, 2005 9:30 pm
Location: Denmark

Re: what to do when found infected user?

Tue Aug 28, 2007 2:46 pm

> > We give them an urgent message to disconnect the problem computer from the network and have it fixed, or we will disconnect them. If they don't act, we temporarily suspend their service until the problem can be fixed.
>
> I think this is the most logical solution. Two things you accomplish - solve your network problem, and educate the user to protect themselves against viruses. Might as well tell them to migrate to Linux or Apple by the way :)

Exactly, convert them to Apple or Linux.. The money you will save from not used bandwidth because nobody knows how to use their PCs is big! :D

/Henrik
 
normis
MikroTik Support
Posts: 24383
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: what to do when found infected user?

Tue Aug 28, 2007 3:10 pm

Sarcasm of course, but in reality - a Windows user suffers from so many viruses and spyware that even installing his PC with all the latest antivirus programs will likely never help. A beginner user can never be underestimated. As Bruce Schneier says: The user's going to pick dancing pigs over security every time.
 
pedja
Long time Member
Posts: 684
Joined: Sat Feb 26, 2005 5:37 am

Re: what to do when found infected user?

Tue Aug 28, 2007 3:43 pm

I have disabled users' access to any SMTP on the internet. We have a local SMTP server and the only way to send email is to send it through the local server. This alone handles the spam problem, since spam software depends on sending email through external SMTP servers, which are not accessible.

In addition, our local mail server checks all email using SpamAssassin, blacklists and virus scanners, so even if spam or a virus is sent through the local server, it would likely be stopped on sight.
 
normis
MikroTik Support
Posts: 24383
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: what to do when found infected user?

Tue Aug 28, 2007 4:31 pm

A combination of all these practices should make one very secure network environment!
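
The SMTP restrictions described in the thread (Equis's port 25 block and pedja's relay-only policy), sketched as a RouterOS firewall configuration. This is an added example and not part of any post; the relay address, customer address, list name and connection threshold are assumptions.

```routeros
# Added example. All addresses are constructed (RFC 5737 documentation ranges):
#   198.51.100.10  local mail relay that runs the spam/virus checks (assumption)
#   192.0.2.57     customer already identified as infected (assumption)
# "smtp-quarantine" is a hypothetical address-list name.

/ip firewall address-list
add list=smtp-quarantine address=192.0.2.57 \
    comment="infected customer, remove after PC is cleaned"

/ip firewall filter
# 1. Quarantined customers lose outbound SMTP entirely, relay included,
#    until they have fixed the machine.
add chain=forward protocol=tcp dst-port=25 src-address-list=smtp-quarantine \
    action=drop comment="quarantined: no SMTP"

# 2. Everyone else may send mail only through the local relay.
add chain=forward protocol=tcp dst-port=25 dst-address=198.51.100.10 \
    action=accept comment="SMTP to local relay only"

# 3. A source holding more than 30 simultaneous SMTP connection attempts to
#    hosts other than the relay is added to the quarantine list for one day.
#    The threshold of 30 is an assumption; tune it to your customer base.
add chain=forward protocol=tcp dst-port=25 connection-limit=30,32 \
    action=add-src-to-address-list address-list=smtp-quarantine \
    address-list-timeout=1d comment="auto-flag heavy direct SMTP"

# 4. All remaining direct SMTP to the internet is dropped.
add chain=forward protocol=tcp dst-port=25 action=drop \
    comment="no direct SMTP to internet"
```

RouterOS evaluates the chain from top to bottom, so the quarantine drop has to stay above the relay accept rule.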
