Jorge Amodio wrote:
None of this needs to be done for free. There needs to be a "security fee" charged _all_ customers, which would fund the abuse desk.
With more than 100,000,000 compromised computers out there, it's really time for us to step up to the plate, and make this happen.
Or you should send the bill to the company that created the software that facilitated to get so many computers compromised, some folks in Redmond have a large chunk of money on the bank.
My .02
Seems like it's come full circle again (http://irbs.net/internet/nanog/0412/0109.html) and I can always recall Rob Thomas' take on this (http://irbs.net/internet/nanog/0412/0222.html) "Filtering out bogons removes yet one more potential source of badness. Does it remove all badness? Of course not. We win by degrees. Removing any tool from the bad persons' toolkit is useful." Not forgetting Mark Andrews "Any operator not implemting BCP 38 is potentially aiding and abetting some criminal. BCP 38 is over 10 years old. There is no excuse for not having equipment in place to handle the processing needs of BCP 38." ISP's could actually offset the charges to customers with helpdesks to re-coup some equipment costs while maintaining a clean network. As for the "blame the software" comment, irrelevant. If bad hosts were minimized, there would likely be less compromises irrespective of the vendor of the software. Statistically I would think the number of compromises would go down but at the same time I believe the criminals would get smarter. That's just the nature of the beast. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E