From: William McCall Sent: Friday, December 10, 2010 8:45 AM To: Lamar Owen Cc: nanog@nanog.org Subject: Re: [Operational] Internet Police
To the folks out there that presently work for an SP, if someone called you (or the relevant department) and gave you a list of end-user IPs that were DDoSing this person/entity, how long would you take to verify and stop the end user's stream of crap? Furthermore, what is the actual incentive to do something about it?
The behavior is no different than a street gang who would attempt to influence the behavior of a local merchant by threatening damage to the store. In the case of internet operations, we seem to tolerate the behavior or simply assume little can be done so many don't even try. If an ISP were to actively disconnect clients who were infected with a bot (intentionally infected or not), the end users themselves might be a little more vigilant at keeping their systems free of them. *But* any ISP doing that would also have to be prepared to invest some effort in trying to help absolutely clueless people (in many cases) remove these bots from their systems. It can quickly become a huge time swamp.