[64523] in North American Network Operators' Group
RE: ISPs' willingness to take action
daemon@ATHENA.MIT.EDU (Eric Kuhnke)
Mon Oct 27 08:45:40 2003
X-Qmail-Scanner-Mail-From: eric@fnordsystems.com via server4.saturnbandwidth.net
Date: Mon, 27 Oct 2003 05:40:25 -0800
To: nanog@merit.edu
From: Eric Kuhnke <eric@fnordsystems.com>
In-Reply-To: <00d001c39c70$51718450$6500a8c0@BIGKAHUNA>
Errors-To: owner-nanog-outgoing@merit.edu
This is definitely a business opportunity for any ISPs that wish to take
advantage of it... Hire clueful abuse desk people, set up a good IDS, run
spamassassin on your mail servers, and offer free antivirus software to the
broadband connected bare win32 PCs. I am sure midsize ISP marketing
departments will be able to brand this with a slick name and print brochure
or TV commercial.
"Tired of spam and junk on the internet? Sick of Pop-ups? Worried about
the spread of worms and viruses? We're better than the competition, and
here's why...!"
>We implemented an IDS system. The ROI comes from the inbound attacks
>being detected/prevented/shunned. But it's also listening to the
>outbound stuff, so when we see that a customer has the flavor of the
>week, we cut him off, give him a call and some friendly advice, and
>everyone's happy. When we see IRC joins and port scans from a customer
>server, we give him a call, advise him that he's been rooted, and offer
>to assist in his recovery (can you say business opportunity, folks?).
>
>Blocking ports is fine as long as you let people know what you're
>blocking and why, offer alternative solutions and offer to unblock if
>it's an absolute requirement. Often, once properly educated about the
>risks, a lesser experienced admin will be excited about the opportunity
>to do it the more secure way, and will begin preparations, so I've found
>the "unblock" is usually temporary.
