michael.dillon@bt.com wrote:
vendor patches. [suggests that ISPs need to be proactive about detecting and blocking compromised machines]
This I've seen suggested for a while, yet I've seen many here shun the idea. "If we force someone who doesn't know, they'll jump ship elsewhere in droves" seemed to be the consensus. How about "if some acted as a *group* and did not allow an uber-infected machine from your client to get on a network." "Sorry, we don't want your $20.00 per month since it's costing us 3 calls to tech support per month, we're getting overwhelmed with emailed complaints your machine is sending spam..." And so on. Wait, not feasible; instead of thinking about this logically for a second, it's likely some would focus more on countering it with an argument.
[If you still distribute any kind of software kits that do not install FireFox, you are doing your customers a disservice and making your detection and blocking task that much bigger. When you contact customers with compromised machines you might want to make it mandatory to install Firefox from your servers before re-enabling Internet access]
Agree, and disagree. When I am on Windows, I loathe using the newer versions of Firefox. It's become such a resource hog it's scary. I've resorted to Opera. So you push them to Firefox anyway; what now? There are still countless vulnerabilities for FF, many not even seen. Because the security industry has some numbers on vulnerabilities for Mozilla, what about the unknowns? What about the spambot herder/hoarder criminals who don't distribute code?
[Suggests that NANOG members need to raise the bar considerably to clean up their own backyard. What do you know about your own Internet peering partners?]
Are you suggesting that if peers don't clean up their act they should be de-peered? I'd like to see that happen even for a day and watch a large portion of the net crumble. I could point out off the top of my head about a dozen dirty peers, and I mean extremely dirty, who would never be de-peered. Money talks.
[This suggests that targeting these specific attack vectors could clean up a significant amount of the problem and correspondingly reduce your costs for detection and blocking of compromised machines.]
That would mean work. It would also mean the time allotted to focusing on how to fix it would be taken away from the time it takes to counter-argue your points.

--
====================================================
J. Oquendo
SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1)
wget -qO - www.infiltrated.net/sig|perl
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E