Assigning a fine doesn't win any friends. The customer is already miffed that:
a) we talked to them and wasted their precious personal time
b) 'accused' them of malicious activity
c) that we took them offline
d) that they'll now need to spend $100 at a computer shop or use up goodwill credits with computer-savvy friends to fix it up.

No, fines don't help, at least for the majority of people. If they care in any way they will try to get it fixed ASAP, and if they don't care, well, we don't feel too bad then if we have to disconnect them. Again, that's rarely the case because 99% of people really do care.

Regards,

Frank

-----Original Message-----
From: Jeroen Massar [mailto:jeroen@unfix.org]
Sent: Sunday, June 17, 2007 9:15 AM
To: frnkblk@iname.com
Cc: 'Sean Donelan'; nanog@nanog.org
Subject: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

Frank Bulk wrote:
The Billy Goat product only seems to detect and notify nefarious activity, but it does nothing for the owned clients.
I want something that restricts my owned subscribers to downloading updates and tools while preventing them from spewing forth more spam and the like.
A Billy Goat will nicely quarantine the host that is infected, that is the whole goal of the system. What access is still allowed when the host is in that quarantine is of course a matter of policy. Allowing them to access things like Windows Update and providing at least a good virus scanner + SpyBot Search&Destroy etc is most likely a good thing to do for these situations.

IMHO ISPs should per default simply feed port 25 outbound through their own SMTP relays. BUT always have a very easy way (e.g. a Control Panel behind a user/pass on a website) to disable this kind of filtering. This is what XS4all does and it seems to have a lot of effect but still allows anybody who doesn't 'want' this protection to use the Internet the way they want it, and not the way that is prescribed before them. Of course, when they disable the filter it becomes very easy when something does go wrong to laugh at them and not allow them to turn the filter off unless they pay a fine or something similar ;)

For that matter, why don't ISPs start doing that: Introduce a fine. When somebody gets infected, and thus doesn't take good care of his/her/its computer, fine them. Let them pay say $25 to get fully back on the Internet and only allow a very slow rate of traffic in the meantime. Of course, the argument most likely goes then that they will swap ISPs, but they will quickly run out of those and of course ISPs don't want to lose clients over it, as the ignorant are the ones that provide the simple cash.
Mirage Networks is the closest to it, from my limited knowledge.
As mentioned, there are most very likely different products in this area which can resolve your problem. Also one can always run your own(tm).

Greets,
Jeroen
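
Added example, not part of the mailing-list thread and not code from Billy Goat, XS4all or any product named in it: the quarantine and default port 25 relay policy discussed above, written as a first-match decision function so the rule ordering is explicit. The relay, resolver and remediation addresses and all names are assumptions, using constructed documentation-range addresses.

```python
"""Quarantine and port-25 policy from the thread as a first-match decision."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumptions, not from the thread: the ISP relay and resolver addresses and
# the remediation allowlist (update servers, virus scanner downloads).
SMTP_RELAY = ip_address("192.0.2.25")
RESOLVER = ip_address("192.0.2.53")
REMEDIATION_NETS = [ip_network("198.51.100.0/24")]


@dataclass
class Subscriber:
    quarantined: bool = False         # flagged as infected
    smtp_filter_optout: bool = False  # turned the filter off in the control panel


def decide(sub: Subscriber, dst: str, proto: str, dport: int) -> str:
    """Return ALLOW, DROP or REDIRECT_RELAY for one outbound flow."""
    addr = ip_address(dst)
    if sub.quarantined:
        # Quarantine is evaluated first, so a control-panel opt-out
        # cannot reopen direct SMTP for an infected host.
        if addr == RESOLVER and dport == 53:
            return "ALLOW"  # name resolution, needed to reach the update hosts
        if proto == "tcp" and dport in (80, 443) and any(
            addr in net for net in REMEDIATION_NETS
        ):
            return "ALLOW"  # updates and cleanup tools only
        return "DROP"
    if proto == "tcp" and dport == 25 and addr != SMTP_RELAY:
        # Default: outbound mail goes through the ISP relay unless opted out.
        return "ALLOW" if sub.smtp_filter_optout else "REDIRECT_RELAY"
    return "ALLOW"


if __name__ == "__main__":
    # Constructed sample flows: (subscriber, destination, protocol, port).
    samples = [
        (Subscriber(), "203.0.113.10", "tcp", 25),
        (Subscriber(smtp_filter_optout=True), "203.0.113.10", "tcp", 25),
        (Subscriber(quarantined=True, smtp_filter_optout=True), "203.0.113.10", "tcp", 25),
        (Subscriber(quarantined=True), "198.51.100.7", "tcp", 443),
    ]
    for sub, dst, proto, dport in samples:
        print(sub, dst, proto, dport, "->", decide(sub, dst, proto, dport))
```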