kenw@kmsi.net wrote:
> As I see it, we're experiencing an ever-increasing flood of garbage network traffic. While not all of it is easy or appropriate to target, it seems to me there's some "low hanging fruit" that could generate serious gains with relatively little investment.
I agree to an extent, though I think there are much more reasonable places to start rather than adding IDS functionality to ISP routers and moving to whitelist-only SMTP. Anti-spoof/BGP filtering, DoS tracking/sinkholing, working abuse@ addresses, etc. But the problem is with the end-hosts, so a common viewpoint is that this is where the majority of the cleanup work needs to be done. This was discussed at length not long ago.
> A few things that make sense to me (as a non-ISP network consultant) include:
> 1) Summarily fencing/sandboxing/disconnecting clients sending high volumes of spam, virii, etc. You might politely contact your commercial/static clients first, but anyone connecting a "bare" PC on a broadband circuit is too stupid to deserve coddling. The great majority of your clients would thank you profusely.
What if the great majority of your clients are bare PCs on broadband circuits?
> So, the big question: why don't ISPs do more of this?
What's the ROI? The costs have to be offset somehow. How easy is it to convince clients to pay more to be your customer because you're more strict on garbage traffic originating from your network relative to your competitors? Many feel that basic preventative measures like the ones I mentioned are things that all ISPs "should" do for the sake of making the Internet a better place, or however you want to phrase it. But the decision makers at a lot of ISPs seem to take a different viewpoint, perhaps because their primary concern, as businesses, is dollar signs.

-Terry