|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ISPs' willingness to take action
----- Original Message ----- From: "Eric Kuhnke" <[email protected]> To: <[email protected]> Sent: Monday, October 27, 2003 8:40 AM Subject: RE: ISPs' willingness to take action > > This is definitely a business opportunity for any ISPs that wish to take > advantage of it... Hire clueful abuse desk people, set up a good IDS, run > spamassassin on your mail servers, and offer free antivirus software to the > broadband connected bare win32 PCs. I am sure midsize ISP marketing > departments will be able to brand this with a slick name and print brochure > or TV commercial. * But customers of broadband ISP aren't going to want to pay more than $40 a month for any such thing you add, and just how clueful do you want help desk people (I don't think you meant abuse desk ... there probably isn't even one) ? $20 an hour? $26 an hour? That isn't gonna happen. And the PRINT and Commercials cost money as well. Which is fine for signing up new customers ... and there is always that customer churn. You can say you raised the bill because you added IDS, and Spamware, and Virusware, and because they get free AV and Firewall software ... and the majority of customers are going to have a fit. They think the whole thing is the responsibility of the ISP at the current rate (or even cheaper!). "You let that virus come into my computer" ... "It came over YOUR network!!!!". > > "Tired of spam and junk on the internet? Sick of Pop-ups? Worried about > the spread of worms and viruses? We're better than the competition, and > here's why...!" * Because we're more expensive ;-) > > >We implemented an IDS system. The ROI comes from the inbound attacks > >being detected/prevented/shunned. But it's also listening to the > >outbound stuff, so when we see that a customer has the flavor of the > >week, we cut him off, give him a call and some friendly advice, and > >everyone's happy. When we see IRC joins and port scans from a customer > >server, we give him a call, advise him that he's been rooted, and offer > >to assist in his recovery (can you say business opportunity, folks?). > > > >Blocking ports is fine as long as you let people know what you're > >blocking and why, offer alternative solutions and offer to unblock if > >it's an absolute requirement. Often, once properly educated about the > >risks, a lesser experienced admin will be excited about the opportunity > >to do it the more secure way, and will begin preparations, so I've found > >the "unblock" is usually temporary. > * I love that wishful thinking. But I kept seeing the same experienced admins (or so they said) with the same spam complaints, pointing at their IP Address (even after it was changed). And home users who said they got rid of the virus but it was still there pumping away just like before you called them. We had some users that were happy we had cut them off, and told them that they had a problem (virus or otherwise). --- Alan Spicer ([email protected]) http://aspicer.homelinux.net/ http://telecom.dyndns.biz/ Systems and Network Administration, and Telecommunications
|