[97504] in North American Network Operators' Group
Re: Quarantining infected hosts (Was: FBI tells the public to call
daemon@ATHENA.MIT.EDU (Sean Donelan)
Mon Jun 18 12:00:43 2007
Date: Mon, 18 Jun 2007 11:59:13 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: nanog@nanog.org
In-Reply-To: <bb0e440a0706180830r73871a8du977a4122c9c0599d@mail.gmail.com>
Errors-To: owner-nanog@merit.edu
On Mon, 18 Jun 2007, Suresh Ramasubramanian wrote:
> On 6/18/07, Sean Donelan <sean@donelan.com> wrote:
>> Automation is a non-starter unless you have people to deal with the
>> exceptions. If you don't deal with exceptions, eventually problems with
>> any automated system will overwhelm you. You can only hid behind IVR
>> recordings "You call is very important to us" for so long.
>
> You're preaching to the choir there. That still doesnt underrate the
> importance of automating this. Throwing people at it simply doesnt
> scale.
You need a both. The mistake engineers make is thinking technology
is the solution. The mistake customer care makes is thinking a pleasent
voice is the solution. The mistake law enforcement makes is thinking an
arrest is the solution. The mistake legislators make is thinking a law
is the solution. And so on.
We need a mix of all those things, including people, technology, laws and
physical arrests. The problem is not a naturally occuring phenomena.
The opponents are intelligent people who react to anything we do.
I've seen ISPs with very advanced automated systems that went unused
becaused their customer care organizations couldn't cope with the scale
of problem customers. I was building infected customer sandboxes a long
time ago. Even if your automated systems handle 99% of the problem
customers, that 1% can doom your plans if you don't understand it.
ISPs looking for automation may consider these vendors or several
free/open source alternatives.
Simplicita: http://www.simplicita.com/
Bradbord: http://www.bradfordnetworks.com/
Motive: http://www.motive.com/
Cisco/Perfigo: http://www.cisco.com/en/US/products/ps6128/index.html
F-Secure Network Control: http://www.f-secure.co.uk/enterprises/products/fsnc.html
Trend Micro Intercloud: http://us.trendmicro.com/us/about/news/pr/article/20070123143622.html
