North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: botnets: web servers, end-systems and Vint Cerf

  • From: Danny McPherson
  • Date: Sat Feb 17 20:08:23 2007


On Feb 16, 2007, at 11:41 AM, J. Oquendo wrote:

After all these years, I'm still surprised a consortium of ISP's haven't figured out a way to do something a-la Packet Fence for their clients where - whenever an infected machine is detected after logging in, that machine is thrown into say a VLAN with instructions on how to clean their machines before they're allowed to go further and stay online. 

"Umm, Mam, I'm sorry, but before you make that emergency
call we'll need to go to www.update.nnn and update the OS
on your machine, seems you've got some malware there at
home somewhere and you're going to need to take care of
it for me, OK?"

"Sir, before you can continue watching the World Cup or Super
Bowl you'll need to remove the spyware from your son's PC."

If you ask me, traffic providers (NSP's/NAP's) and ISP's don't mind this garbage coming out of their networks, if they did they'd actually ban together and do something about it.

Its obvious those charging for traffic will say little. Minimized traffic means minimized revenue. 

IIRC, most North America providers have fixed-rate broadband subscriber
plans.

All I see is "No we despise that kind of traffic" along with a shrug and nothing being done about it. I'm sure if some legislative body somewhere started levying fines against providers, the net would be a cleaner place. For comments on 100 million infected machines... Doubtable. Anyone can play fuzzy math games, heck I just strangely figured out that MS is costing me an arm and a leg!

While I understand your frustration, lest we not forget, providers are in
the business of making money, and solutions of this type today only add
to churn, additional operational expense and liability. It's not quite so
black and white as you make it, unfortunately.

With that, as Sean points out, providers are trying to address the issues
in an business-savvy manner and some do seem to have reasonable (IMO)
solutions underway. But be careful what you ask for, some of these
solutions you're mandating might very well resemble SiteFinder-style
schema's (or far worse) in order to justify the investment by the providers.

-danny