[61566] in North American Network Operators' Group
Re: What do you want your ISP to block today?
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Sat Aug 30 02:35:56 2003
Date: Sat, 30 Aug 2003 08:33:54 +0200
Cc: NANOG <nanog@merit.edu>
To: Sean Donelan <sean@donelan.com>
From: Iljitsch van Beijnum <iljitsch@muada.com>
In-Reply-To: <Pine.GSO.4.44.0308292333350.9129-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
On zaterdag, aug 30, 2003, at 05:42 Europe/Amsterdam, Sean Donelan
wrote:
> If you don't want to download patches from Microsoft, and don't want to
> pay McAfee, Symantec, etc for anti-virus software; should ISPs start
> charging people clean up fees when their computers get infected?
Only if it impacts the ISP, which it doesn't most of the time unless
they buy an unfortunate brand of dial-up concentrators.
> Would you pay an extra $50/Mb a month for your ISP to operate a
> firewall
> and scan your traffic for you?
No way. They have no business even looking at my traffic, let alone
filtering it.
What would be great though is a system where there is an automatic
check to see if there is any return traffic for what a customer sends
out. If someone keeps sending traffic to the same destination without
anything coming back, 99% chance that this is a denial of service
attack. If someone sends traffic to very many destinations and in more
than 50 or 75 % of the cases nothing comes back or just an ICMP port
unreachable or TCP RST, 99% chance that this is a scan of some sort.
