North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: ISPs' willingness to take action

  • From: Eric Kuhnke
  • Date: Mon Oct 27 08:48:29 2003

This is definitely a business opportunity for any ISPs that wish to take advantage of it... Hire clueful abuse desk people, set up a good IDS, run spamassassin on your mail servers, and offer free antivirus software to the broadband connected bare win32 PCs. I am sure midsize ISP marketing departments will be able to brand this with a slick name and print brochure or TV commercial.

"Tired of spam and junk on the internet? Sick of Pop-ups? Worried about the spread of worms and viruses? We're better than the competition, and here's why...!"

We implemented an IDS system.  The ROI comes from the inbound attacks
being detected/prevented/shunned.  But it's also listening to the
outbound stuff, so when we see that a customer has the flavor of the
week, we cut him off, give him a call and some friendly advice, and
everyone's happy.  When we see IRC joins and port scans from a customer
server, we give him a call, advise him that he's been rooted, and offer
to assist in his recovery (can you say business opportunity, folks?).

Blocking ports is fine as long as you let people know what you're
blocking and why, offer alternative solutions and offer to unblock if
it's an absolute requirement.  Often, once properly educated about the
risks, a lesser experienced admin will be excited about the opportunity
to do it the more secure way, and will begin preparations, so I've found
the "unblock" is usually temporary.