Hi Michael,
On Thu, Dec 15, 2016 at 03:25:02PM +0000, Michael Stevens wrote:
> I'm fairly happy with (b) however it'd be nice to be more specific about
> what can get you suspended,

At the moment the scanning is done either by me running a script or
else by ShadowServer running something every day and emailing us a
CSV. Based on those, we then send out emails asking customers to fix
it.
Right now, Portmapper is the most common one and there is a
semi-automated "please fix this" email that goes out. I will also
send out "please fix this" emails for SNMP and DNS resolver because
they are also DDoS amplification vectors. But they are less
automated as they are rarer.
So anyway what I am saying is: there's a small number of things,
which we would of course list off on some wiki page and automate the
(email) reporting of.

> maybe visibility in the panel of your scan status, that sort of
> thing.

I hadn't, however, intended going as far as making Nagios alerts and
bits on the panel etc for this, as that would be significant work. I
was really hoping that email alerts would be enough for this. I'm
also willing to SMS people who've supplied a cell phone number the
day before the network suspension will happen.
Is that sufficient?
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting