North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: botnets: web servers, end-systems and Vint Cerf

  • From: Simon Lyall
  • Date: Fri Feb 16 21:09:58 2007

On Fri, 16 Feb 2007, J. Oquendo wrote:
> After all these years, I'm still surprised a consortium of ISP's haven't
> figured out a way to do something a-la Packet Fence for their clients
> where - whenever an infected machine is detected after logging in, that
> machine is thrown into say a VLAN with instructions on how to clean
> their machines before they're allowed to go further and stay online.

All very nice. This sort of things has been detailed a few dozen times by
various people. Doing this is not hard from a technical point of view
(which isn't to say it won't cost a lot of money to impliment).

The hard bit is creating a business case to show how spending the money to
impliment it and then wearing the cost of pissed off customers results in
a net gain to the bottom line.

If someone could actually do a survey to show how much each bot infested
customer is costing their ISP then people might be able to do something.
Right now AFAIK an extra 10,000 botted customers costs the average ISP no
more than a dozen heavy p2p users.

On the other hand Port 25 filtering probably is something that has low
enough negatives vs the positives for people to actually do.

Simon J. Lyall  |  Very Busy  |  Web:
"To stay awake all night adds a day to your life" - Stilgar | eMT.