North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Q: What do ISPs really think about security issues?

  • From: Suresh Ramasubramanian
  • Date: Thu Jan 10 21:09:09 2008
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=bPynkt7Ta9ZK0GbiCmsgaX9ncyFM6SWnfNaYemQAvD0=; b=d/Q2ep96aB6vCAfVGGuFuj2LnF3Z+WMN81intZlhNZACKs2u2iQmWr9yusqNgVv+6NLDtU71tHKgIRZHKDrWendkSF13+KG6iuxDknoRFzRVHw9UyOa05+lU4atE+ndJXPXSV+07bp65P4y9HJiLG9t3OhrU/qn7LwXuEmGblyI=
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=a8cGXd5K/SwP0SeN0heiXRHoqG9rhsYl0otu4z7Hc4UlD4Pqj0I/HBSLDkZ8Wim/Agy4kLLHzKpsvxl/r85+esmFJ8CSzKRFbKP+B9QHwksXPNrMUZBwhfvM6dp9GSv7A+nSftSSDyvtuU8Ew2tUmC5Vq9yM+QeoqK4reqUZwqw=
On Jan 11, 2008 1:17 AM, Rob Thomas <[email protected]> wrote:

> I'll second this point.  We've had great luck working with providers
> globally, but only after folks (such as Sean) took us under their
> wing and mentored us on the processes and setups that best help
> ISPs.  That alone would make a great *NOG presentation.

Setups that best help *ISPs*?  The fun part is that there's this
fundamental disconnect even within ISPs .. their CERT guys or security
guys go talk to each other, their abuse desks go talk to each other,
their packet pushers go talk to each other .. at
nspsec/gadicon/whatever, at MAAWG, at *NOG ..

There's little or no cross pollination between these groups, if at
all.   It is this kind of gap that needs to be bridged, just as much
as the gaps between ISPs and LE, ISPs and the anti phishing community
(banks etc, + the takedown vendor crowd), ISPs and the security
community etc etc needs bridging.

Leads to the kind of fun situation where a guy who does CERT/security
stuff for a very large ISP was up in front of a mostly abuse desk
audience, describing the Hotlan trojan (which compromises PCs to
script account creation and spamming through various webmail sites).

He's like "they were hitting us, Y, Z .... pity I didnt know who to
contact at Y or Z at all"

That, when people from the Y and Z abuse teams (Z being us in this
story), were in the same room as the abuse team from X (which the guy
works for).  And where the X, Y and Z abuse desks know each other very
well, are in constant touch over email / IM / face to face at various
conferences etc.

Talk about fundamental disconnects ..  not that I know the packet
pushers from X and Y at all (the one packet pusher I knew from X
recently got assimilated by G, so that puts paid to that ..)

    --srs

disclaimer: Names replaced by X, Y and Z solely to render this little
story fit for public consumption .. it took place at a nominally
closed meeting.  It wont take you too long to arrive at reasonably
plausible guesses for X, Y and Z, so I will leave you to the guessing.
No points for the right answer, no comment either .. what I'm pointing
out is general enough that it could be any X, Y and Z companies,