North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: mitigating botnet C&Cs has become useless

  • From: Michael Loftis
  • Date: Wed Aug 09 12:10:40 2006

--On August 8, 2006 4:03:36 PM +0200 Arjan Hulsebos <[email protected]> wrote:

On Sat, 5 Aug 2006 17:17:27 -0400 (EDT), Sean Donelan typed:

Railroads have the railroad police. The Post Office has postal
inspectors.  Do we want to give ISP security the power to arrest

We (ISPs) already do have that power, we can disconnect misbehaving subscribers. And in cases like this, we should keep them off the 'net until they've cleaned up their PC.

That's a nice idea, except how? How do you prove a user has gotten the malware off and patched? And further how can they do that without internet access? Hint, FWIR, it's not legal for us to distribute MS's patches to our subs.

So how do you propose that? Some customers will fix themselves, some will just cancel and find an ISP that doesn't care they're spewing spam and worm traffic all the while complaining about how slow their internet service is.

I'm really seriously interested, and I'm not trying to be a flaming troll-bait here. This is a *huge* problem. You can turn off a user sure enough, but how do you know it's OK to let that user back on.

And besides doing that, we should educate our subs on how to properly
maintain their PC (installing and keeping up-to-date antivirus
software, patch the OS on a regular basis, you know the drill).

And how is it our responsibility to educate users? I don't think it necessarily is. However because noone else is and we're all the ones most hurt by it we're forced to.