Most ISP's truly don't want this as their own problem. I personally don't blame them. Luckily the ISP I work for has no home users.
Most ISP's wouldn't have to deal with this problem if corporations took the time to release better products. I was faced with the question of "What do you do for infected clients?" What can an ISP do. Most of the times ISP's become the de facto MS technical support team and it is rather unfair and costly to have technical support staff on the phone constantly putting out MS' fires. They are left with the prospect of losing clients when the client is told "It's an MS problem you have to contact MS", yet they've called MS and spoke with someone likely in another country who has no clue, called Dell and spoke with yet another clueless person, and all they wanted to do was surf the net. What do you tell a client when they start stating "Well then I want to cancel my service" because they don't understand, and won't care to since they're frustrated. Sure take a hit with one client cancelling an account, what happens when it grows? As for the prior responses of "You will get DoS'ed" this I am aware of. Problems that concerned me were more of the tracking issues, coupled with the fact that there would be no guarantee that admins would do anything about it. Take the case of that one Californian who hijacked a /16 a while back I believe from a county over there. Admins like this are liable to sit back and do nothing since along the line someone is going to be paying money for the traffic. It is rather sad, and worse when you contact their upstream and they too do little. Consider (and I will keep mentioning them this since it bugs me) EV1, Everybody's Internet. Not only do they host some botnets, malware spewing servers, spam relays, terrorists related sites, their excuse is "Well we don't know who we rent to" Now I know laws are being worked in along the way, but if you own a home and rent it out, then it gets subletted, the re-sub'ed, let's say fifty transactions occurred, you own the home. If someone down the line is running drugs out of the apartment your house is gone. Yes their is little that can be done right now, but yet there ARE things that CAN BE DONE. I'm one that is skeptical about laws since laws abroad would mean nothing here and vice versa, but where are things headed? Spend more on infrastructure to support these issues when you shouldn't have to or buy bigger equipment to handle filtering when you shouldn't have to. I say nip it at the bud, if you're an upstream provider and you see some of these issues, three strikes shut these things down, or nullroute them, don't just sit twiddling your thumbs "Oh but that won't help your idea is silly because foo_x reason." Have something better in mind propose it. I'm sure some of these networks that are getting DoS'ed out of existence would love to hear them. Hell some might even pay you to implement them. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x51F9D78D Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D sil @ politrix . org http://www.politrix.org sil @ infiltrated . net http://www.infiltrated.net "How can we account for our present situation unless we believe that men high in this government are concerting to deliver us to disaster?" Joseph McCarthy "America's Retreat from Victory"