Nicole Harrington wrote:
> Hello
>
> As a sort of addendum to the thread of "Quarantine your infected users
> spreading malware" I am curious how others handle contact to the
> users/clients for network security incidents.
>
> The question I have is: when someone reports an incident to you about
> one of your clients (a user or server owner) possibly being infected, having
> an owned box being used for hacking into other servers or being used to spread
> malware, how much information do you send/forward on to that user/client to
> support your case?
>
> Is it normal practice to simply forward on unaltered logs sent in by those
> complaining or do you sanitize them a bit to protect the people notifying you?
> Do you even send them at all at first or do you simply inform them that a
> complaint has been received?
>
> In short, how much information do you pass on to support yourself and when?
>
> Thanks
>
> Nicole Harrington

All depends on the client and if I think the abuse is intentional or not.
If the user knows what he/she is doing and I don't think they are being malicious then I will send them everything.

If I think they are doing it on purpose I send enough to prove my case and tell them to knock it off - before I knock it off for them (or after - depends on how much damage they are causing).

If they don't have a clue then sending them a bunch of information they won't understand is pointless. We either help them clean up the mess or refer them to someone who can.

--
Mark Radabaugh
Amplex
[EMAIL PROTECTED]
419.837.5015