Is it possible to do a (without charging) for 21 days in the hope of
getting their attention and then b?
On 15 Dec 2016 3:20 pm, "Andy Smith" <andy@???> wrote:
> Hi,
>
> As you may be aware there are a few things that we (or third party
> services on our behalf) scan for on our own network. A
> non-exhaustive list of these things is:
>
> - Open SNMP servers
>
> - Open DNS resolvers
>
> - Open portmapper services
>
> - Open MongoDB / Memcached / Elasticsearch / Redis
>
> - Open Remote Desktop
>
> - Open multicast DNS (Avahi)
>
> - Open TFTP server
>
> - SSLv3/Poodle vulnerable services
>
> …and so on.
>
> Where these can only negatively affect the operator of the service
> (e.g. SSLv3/Poodle or an open MongoDB), we are content to just email
> you forever.
>
> However, many of these problems are worth scanning for because they
> are easily and frequently used to attack other hosts. For example,
> any "chatty" UDP protocol like portmapper or DNS can receive spoofed
> requests which will amplify, making for a DDoS on a third party.
>
> So, when we email customers about these it's because we need them
> fixed.
>
> Unfortunately some customers are either not receiving these emails
> or are happy to ignore them, for months at a time, basically until
> we open a support ticket with them and ask why they aren't dealing
> with it. This is taking up too much human time.
>
> "We did not receive the email" is now no longer a valid excuse
> because there is provision in our web panel for an
> emergency/alternate contact:
>
> https://panel.bitfolk.com/account/contacts/#toc-address-book
>
> If we've been emailing a customer for weeks about this then we will
> have also sent a copy to the emergency/alternate contact at some
> point.
>
> So, I would like your opinions on how you think we should deal with
> this. Two proposals I can think of are:
>
> a) After at least 21 days of sending email alerts to the main
> contact and the emergency contact and receiving no response, a
> firewall rule will be added to block the problematic service and
> an invoice will be raised for a managed firewall service, which
> will be a monthly recurring charge. This will be quite expensive.
>
> Or:
>
> b) After at least 21 days of sending email alerts to the main
> contact and the emergency contact and receiving no response, the
> VPS's networking will be suspended. Networking will be re-enabled
> when contact is re-established and a plan for securing the
> problem service is agreed by both BitFolk and the customer.
>
> I have already broached this question on IRC and basically no one
> was in favour of (a) because they did not feel that surprise
> invoices would go down well.
>
> If you have other suggestions for how it should be handled I would
> be happy to read and consider them. Ideas that involve either not
> dealing with the problematic services or that aren't suitable for
> automation are not likely to be acceptable though.
>
> Cheers,
> Andy
>
> --
> https://bitfolk.com/ -- No-nonsense VPS hosting
>
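Added example, not part of either message above and not BitFolk's own scanner: a customer-side check that reads `ss -H -lntu` output from a VPS and reports which of the services in Andy's list are listening on a non-loopback address. The port numbers are the usual defaults and the sample output is constructed; a listener on port 53 is not necessarily an open resolver, and a host firewall may still block a reported socket.

```python
# Added example: audit `ss -H -lntu` output for the services listed above.
# Port numbers are the services' usual defaults (an assumption of this example).
WATCHED = {
    ("udp", 161): "SNMP", ("udp", 53): "DNS", ("tcp", 53): "DNS",
    ("udp", 111): "portmapper", ("tcp", 111): "portmapper",
    ("tcp", 27017): "MongoDB", ("tcp", 11211): "Memcached",
    ("udp", 11211): "Memcached", ("tcp", 9200): "Elasticsearch",
    ("tcp", 6379): "Redis", ("tcp", 3389): "Remote Desktop",
    ("udp", 5353): "multicast DNS", ("udp", 69): "TFTP",
}

# Constructed sample of `ss -H -lntu` output, not taken from a real host.
SAMPLE = """\
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
udp UNCONN 0 0 *:5353 *:*
tcp LISTEN 0 128 127.0.0.1:6379 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:27017 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 128 [::1]:11211 [::]:*
"""

def is_loopback(addr):
    # Drop IPv6 brackets and any %interface suffix before comparing.
    host = addr.strip("[]").split("%")[0]
    return host.startswith("127.") or host == "::1"

def audit(ss_output):
    """Return (service, proto, port, address, is_udp) for each exposed listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        # Local address is the fifth column; the port follows the last colon.
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit() or is_loopback(addr):
            continue
        service = WATCHED.get((fields[0], int(port)))
        if service:
            findings.append((service, fields[0], int(port), addr, fields[0] == "udp"))
    return findings

if __name__ == "__main__":
    for service, proto, port, addr, is_udp in audit(SAMPLE):
        # UDP listeners are the "chatty UDP" case that can affect third parties.
        kind = "UDP, answers spoofed requests" if is_udp else "reachable over TCP"
        print(f"{service}: {proto}/{port} on {addr} ({kind})")
```

To check a real host, pass the text printed by `ss -H -lntu` to `audit()` in place of `SAMPLE`.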