North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: short Botnet list and Cashing in on DoS

  • From: Gadi Evron
  • Date: Sat Oct 09 06:38:06 2004

Most ISP's wouldn't have to deal with this problem if corporations took
the time to release better products. I was faced with the question of
"What do you do for infected clients?" What can an ISP do. Most of the
An ISP doesn't really have to do anything, either. As long as it is not in their financial interest or they are bound to it by law.

Thing is, not everybody even calls tech support.

times ISP's become the de facto MS technical support team and it is rather
understand, and won't care to since they're frustrated. Sure take a hit
with one client cancelling an account, what happens when it grows?
You lose. But how much does it cost to hire a few more tech support guys?

But as much as you might invest in tech support, some never even answer abuse mail.

As for the prior responses of "You will get DoS'ed" this I am aware of.
Actually, almost a year ago I heard somebody say: "Protection money? Online?!" Pay us or we will DDoS you?! That's stupid. In real life if you payed you at least know that the bad guys:
(1) Really won't trash your place.
(2) Will stop others from trashing your place.

Online, say you paid - so what? They can still DDoS you, and if they won't.. who says somebody else won't?

With every kiddie owning so many Cable/DSL ranges.. it is plain and simple scary.

this since it bugs me) EV1, Everybody's Internet. Not only do they host
some botnets, malware spewing servers, spam relays, terrorists related
sites, their excuse is "Well we don't know who we rent to"

I don't care if they see it and don't do anything, I'd start with them answering abuse mail.

Yes their is little that can be done right now, but yet there ARE
things that CAN BE DONE. I'm one that is skeptical about laws since laws
abroad would mean nothing here and vice versa, but where are things
Not necessarily, but yes.. there are always countries like North Korea.

headed? Spend more on infrastructure to support these issues when you
shouldn't have to or buy bigger equipment to handle filtering when you
shouldn't have to. I say nip it at the bud, if you're an upstream provider
and you see some of these issues, three strikes shut these things down, or
nullroute them, don't just sit twiddling your thumbs "Oh but that won't
help your idea is silly because foo_x reason." Have something better in

I truly believe that if the uplinks wanted spam, viruses and the rest of the dirt out of their tubes, they would manage it. Thing is - why should they?
(1) Their clients don't like to be "censored".
(2) It's an headache and a setback, on *all* levels.
(3) Everybody in the food chain pays for bigger tubes.