Re: spyware question

From: James Zuelow <e5z8652@zuelow.net>
Date: Sat Jun 26 2004 - 09:47:39 AKDT

On Fri, 25 Jun 2004 23:25:18 -0800
"W.D.McKinney" <deem@wdm.com> wrote:

>
> That's good news. GCI doesn't stop users on the network from sending abuse
> regardless of how many times a week I have sent notes.
>

Oh, I don't know. It might be a question of presentation. My mail server does virus scanning, and I occasionally get infected e-mails. Every so often I'll get infected e-mails with the same virus from the same IP address for several days in a row.

When I've sent GCI e-mails with log entries showing virus attacks (Netsky, etc.) from a single IP over a range of time, that IP address disappears from my logs.

If I just forward on a single incident, that doesn't happen.

So it looks like they will prioritize their work towards reports that clearly show a pattern of the same user at the same address doing the same thing over a period of time. That sort of makes sense, as by the time traffic gets to my firewall I'm seeing my cable modem's MAC address, not theirs, so I can't definitively identify the cable modem in question. For GCI, identifying a customer by IP address is probably a lot easier if you can show that they've had the same one over time. (And even then, I suppose it is possible that three or four people with a Netsky infection could obtain the same IP address in a week's time.)

The same thing happens when I send them logs of other kinds of traffic - unrequested traffic on ports used by the current fashionable worm, etc.

Cheers,

James
Received on Sat Jun 26 09:47:20 2004
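
Added example, not part of the original message: one way to pull out of a mail virus-scanner log the source IPs that recur over several days, and to lay out the matching entries as evidence for an abuse report of the kind described above. The log format, the sample entries and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format (an assumption; adapt the regex to your scanner's output).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"virus=(?P<virus>\S+) src=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)

# Constructed sample entries; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
2004-06-21 03:14:07 virus=W32/Netsky.P src=192.0.2.45 action=rejected
2004-06-21 19:02:51 virus=W32/Netsky.P src=198.51.100.7 action=rejected
2004-06-22 04:40:12 virus=W32/Netsky.P src=192.0.2.45 action=rejected
2004-06-22 04:41:30 virus=W32/Netsky.P src=192.0.2.45 action=rejected
2004-06-24 11:27:03 virus=W32/Netsky.P src=192.0.2.45 action=rejected
malformed line that the parser should skip
""".splitlines()


def recurring_sources(lines, min_days=3):
    """Group detections by source IP; keep IPs seen on at least min_days distinct days."""
    by_ip = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # skip lines that do not parse rather than guessing
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            by_ip[m["ip"]].append((ts, m["virus"], line))
    return {
        ip: sorted(hits)
        for ip, hits in by_ip.items()
        if len({ts.date() for ts, _, _ in hits}) >= min_days
    }


def abuse_report(ip, hits, tz="AKDT"):
    """Render one report: summary first, then the raw log lines as evidence."""
    days = sorted({ts.date() for ts, _, _ in hits})
    viruses = ", ".join(sorted({v for _, v, _ in hits}))
    head = (f"Source IP {ip}: {len(hits)} infected messages ({viruses}) on "
            f"{len(days)} days, {hits[0][0]} to {hits[-1][0]} {tz}")
    return "\n".join([head, ""] + [raw for _, _, raw in hits])


if __name__ == "__main__":
    for ip, hits in recurring_sources(SAMPLE_LOG).items():
        print(abuse_report(ip, hits), end="\n\n")
```

The single hit from 198.51.100.7 is left out at the default threshold; stating the log's time zone in the summary lets the provider match the timestamps against its own address-assignment records.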
