Re: mitigating botnet C&Cs has become useless
On Tue, 08 Aug 2006 15:10:50 -0700, Rick Wesson wrote:
Last Sunday at DEFCON I explained how one consumer ISP cost American business $29M per month because of the existence of key-logging botnets.
Maybe so, but that argument doesn't buy me more helpdesk folks. The same holds true for the bandwidth argument, especially now that bandwidth is dirt cheap.

On the other hand, it shouldn't be too difficult to come up with a walled garden profile for subs that have infected PCs, basically allowing only access to a filtering proxy, so these subs can download their patches and antivirus updates through it.

Gr,
Arjan H
On Aug 9, 2006, at 4:04 AM, Arjan Hulsebos wrote:
Maybe so, but that argument doesn't buy me more helpdesk folks. The same holds true for the bandwidth argument, especially now that bandwidth is dirt cheap.
On the other hand, it shouldn't be too difficult to come up with a walled garden profile for subs that have infected PCs, basically allowing only access to a filtering proxy, so these subs can download their patches and antivirus updates through it.
In addition to "they still need to be able to download patches and attempt to fix their system" you may not be able to shut off all services for the subscriber regardless - e.g., they've got voice services and you're killing their emergency dialing capabilities? As importantly, broadband SPs are trying to move to triple (quad) play services, how tolerant do you think your average subscriber is to losing cable television services because their kid downloaded some malware? Minimizing subscriber churn and targeting profitable services are critical, most of these solutions today only make the problem worse - when something breaks with vanilla Internet access the first person the subscriber calls is the SP, and the resources cost for fielding those calls exceeds even that of the amortized capital costs for the service - tearing deeper into losses. I half believe that Net Neutrality itself wouldn't be an issue if operators were able to run profitable businesses in broadband service markets. Adding security to the mix only compounds the problem.

-danny
Danny McPherson wrote:
As importantly, broadband SPs are trying to move to triple (quad) play services, how tolerant do you think your average subscriber is to losing cable television services because their kid downloaded some malware?
At least one of us would applaud an effort to hold people accountable for what they and their kids do. There _is_ precedent. Any old 'phone folk around that can tell us about an "NPD for high toll"?

--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/
On Aug 13, 2006, at 8:35 AM, Laurence F. Sheldon, Jr. wrote:
Danny McPherson wrote:
As importantly, broadband SPs are trying to move to triple (quad) play services, how tolerant do you think your average subscriber is to losing cable television services because their kid downloaded some malware?
At least one of us would applaud an effort to hold people accountable for what they and their kids do.
Oops, I see how you could spin it that way... Let me spin it back..

What if the malware your kid's PC (or better yet, your PC) was just infected with came through a virus received in email for which no fix was currently available and the resident AV solution was unaware?

Now you can't watch the game tonight, or your favorite show, or use Skype to chat with your daughter in Europe, or check your email, [or call 911?] all because the malware triggered something on the network side that resulted in you being "walled gardened"?

My position here is aligned with Sean's and Arjan's. IF you were able to offer any such "walled-garden" services it's not simply a binary thing, there's a large array of variables that need to be accounted for technically - entirely independent of the economic ones surrounding services that are hardly profitable already.

I believe there exists a significant opportunity here for such value-adds for broadband and other services alike, but it's at least initially going to be a rather complicated one.

-danny
Danny McPherson wrote:
On Aug 13, 2006, at 8:35 AM, Laurence F. Sheldon, Jr. wrote:
Danny McPherson wrote:
As importantly, broadband SPs are trying to move to triple (quad) play services, how tolerant do you think your average subscriber is to losing cable television services because their kid downloaded some malware?
At least one of us would applaud an effort to hold people accountable for what they and their kids do.
Oops, I see how you could spin it that way... Let me spin it back..
What if the malware your kid's PC (or better yet, your PC) was just infected with came through a virus received in email for which no fix was currently available and the resident AV solution was unaware?
Sorry you weren't able to get the spin you wanted, but I still think that if people want to use email readers that execute the messages instead of displaying them in plain text without seizure inducing jiggles, without root kits, without all the rest of the malware spectrum they ought to be held accountable for that action. Their choice, let them pay for it.
Now you can't watch the game tonight, or your favorite show, or use Skype to chat with your daughter in Europe, or check your email, [or call 911?] all because the malware triggered something on the network side that resulted in you being "walled gardened"?
If it is my house, it won't happen twice, I betcha. And if you want to sell a service that allows misbehaviour without penalty to your misbehaving customers, more power to you. But don't make _ME_ pay for it.
My position here is aligned with Sean's and Arjan's. IF you were able to offer any such "walled-garden" services it's not simply a binary thing, there's a large array of variables that need to be accounted for technically - entirely independent of the economic ones surrounding services that are hardly profitable already.
I believe there exists a significant opportunity here for such value-adds for broadband and other services alike, but it's at least initially going to be a rather complicated one.
This morning's Omaha Weird Harold has a front-page item about the City installing free wiffy hotspots around town. It may be time for you to reconsider the options on the buggy-whip plant.

--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/
On Sun, 13 Aug 2006, Laurence F. Sheldon, Jr. wrote:
This morning's Omaha Weird Harold has a front-page item about the City installing free wiffy hotspots around town. It may be time for you to reconsider the options on the buggy-whip plant.
Any information about how the City plans to solve the problem of their citizens using compromised PCs via their WiFi hotspots around town?
Sean Donelan wrote:
On Sun, 13 Aug 2006, Laurence F. Sheldon, Jr. wrote:
This morning's Omaha Weird Harold has a front-page item about the City installing free wiffy hotspots around town. It may be time for you to reconsider the options on the buggy-whip plant.
Any information about how the City plans to solve the problem of their citizens using compromised PCs via their WiFi hotspots around town?
Not even any word on how they will pay for it, what with a number of expensive vote getters^W^Wcivic projects having spent the available money a couple of times. But that is not really a new problem--the State of Iowa has (some time ago) equipped the highway rest areas and there are enough Starbucks around that you wonder why the City needs to do anything.

--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/
participants (4)
- Arjan Hulsebos
- Danny McPherson
- Laurence F. Sheldon, Jr.
- Sean Donelan