[126911] in North American Network Operators' Group
Re: Nato warns of strike against cyber attackers
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Jun 8 22:34:09 2010
From: Owen DeLong <owen@delong.com>
To: Brielle Bruns <bruns@2mbit.com>
In-Reply-To: <4C0EA863.9020606@2mbit.com>
Date: Tue, 8 Jun 2010 21:29:51 -0500
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Sent from my iPad
On Jun 8, 2010, at 3:30 PM, Brielle Bruns <bruns@2mbit.com> wrote:
> On 6/8/10 2:12 PM, Dave Rand wrote:
>
>> It's really way, way past time for us to actually deal with compromised
>> computers on our networks. Abuse desks need to have the power to filter
>> customers immediately on notification of activity. We need to have tools to
>> help us identify compromised customers. We need to have policies that
>> actually work to help notify the customers when they are compromised.
>>
>> None of this needs to be done for free. There needs to be a "security
>> fee" charged _all_ customers, which would fund the abuse desk.
>>
>> With more than 100,000,000 compromised computers out there, it's really
>> time for us to step up to the plate, and make this happen.
>
> Problem is, there's no financial penalties for providers who ignore abuse coming from their network.
>
Problem is there's no financial liability for producing massively exploitable software.
No financial penalty for operating a compromised system.
No penalty for ignoring abuse complaints.
Etc.
Imagine how fast things would change in Redmond if Micr0$0ft had to pay the cleanup costs for each and every infected system and any damage said infected system did prior to the owner/operator becoming aware of the infection.
> DNSbl lists work only because after a while, providers can't ignore their customer complaints and exodus when they dig deep into the bottom line.
>
> We've got several large scale IP blocks in place in the AHBL due to this exact problem - providers know there's abuse going on, they won't terminate the customers or deal with it, because they are more than happy to take money.
>
> Legit customers get caught in the cross-fire, and they suffer - but at the same time, those legit customers are the only ones that will be able to force a change on said provider.
>
> They contact us, and act all innocent, and tell people we're being unreasonable, neglecting to tell people at the same time that the 'unreasonable' DNSbl maintainer only wants for them to do a simple task that thousands of other providers and administrators have done before.
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org / http://www.ahbl.org