North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Assigning a fine (Was: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help))
Indeed and there is no need to fine them. Simply quarantine them in a way that allows outbound WWW access and nothing else. Most customers will not notice anyway. You could also occasionally re-direct them to a forced-portal that tells them they are infected with something and describing how to fix it. Remember, they are victims too... -- Leigh Frank Bulk wrote: > Assigning a fine doesn't win any friends. The customer is already miffed > that: > a) we talked to them and wasted their precious personal time > b) 'accused' them of malicious activity > c) that we took them offline > d) that they'll now need to spend $100 at a computer shop or use up goodwill > credits with computer-savvy friends to fix it up. > > No, fines don't help, at least for the majority of people. If they care in > any way they will try to get it fixed ASAP, and if they don't care, well, we > don't feel too bad then if we have to disconnect them. Again, that's rarely > the case because 99% of people really do care. > > Regards, > > Frank > > -----Original Message----- > From: Jeroen Massar [mailto:[email protected]] > Sent: Sunday, June 17, 2007 9:15 AM > To: [email protected] > Cc: 'Sean Donelan'; [email protected] > Subject: Quarantining infected hosts (Was: FBI tells the public to call > their ISP for help) > > Frank Bulk wrote: > >> The Billy Goat product only seems to detect and notify nefarious activity, >> but it does nothing for the owned clients. >> >> I want something that restricts my owned subscribers to downloading >> > updates > >> and tools while preventing them from spewing forth more spam and the like. >> > > A Billy Goat will nicely quarantine the host that is infected, that is > the whole goal of the system. What access is still allowed when the host > is in that quarantine is of course a matter of policy. Allowing them to > access things like Windows Update and providing at least a good > virusscanner + SpyBot Search&Destroy etc is most likely a good thing to > do for these situations. > > IMHO ISPs should per default simply feed port 25 outbound through their > own SMTP relays. BUT always have a very easy way (eg a Control Panel > behind a user/pass on a website) to disable this kind of filtering. This > is what XS4all does and it seems to have a lot of effect but still > allows anybody who doesn't 'want' this protection to use the Internet > the way they want it, and not the way that is prescribed before them. Of > course, when they disable the filter it becomes very easy when something > does go wrong to laugh at them and not allow them to turn the filter off > unless they pay a fine or something similar ;) > > > For that matter, why don't ISPs start doing that: Introduce a fine. When > somebody gets infected, and thus doesn't take good care of his/her/it's > computer fine them. Let them pay say $25 to get fully back on the > Internet and only allow a very slow rate of traffic in the mean time. > > Of course, the argument most likely goes then that they will swap ISPs, > but they will quickly run out of those and of course ISPs don't want to > lose clients over it, as the ignorant are the ones that provide the > simple cash. > > >> Mirage Networks is the closest to it, from my limited knowledge. >> > > As mentioned, there are most very likely different products in this area > which can resolve your problem. Also one can always run your own(tm). > > Greets, > Jeroen > >
|