Donald.Smith@qwest.com GCIA
pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC
Brian Kernighan jokingly named it the Uniplexed Information and Computing System (UNICS) as a pun on MULTICS.
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Matthew Sullivan
Sent: Monday, June 14, 2004 3:26 PM
Cc: nanog
Subject: Re: "Default" Internet Service
Smith, Donald wrote:
First are the consumers willing to pay for a "safer" internet DSL/dial/isdn?
Why should they have to?
Because it costs money to mitigate the attacks coming from their infected machines. It takes people and people want to be paid. Given a larger security abuse team we could do more.
I believe if they were there would be a safer service available. I have seen several "secure" isp's fail in the last few years. If you have any data that shows that there is a market for a more secure dialup/DSL/isdn... please share it.
No, but it won't be long before you will find half a dozen reasons why as an ISP you will want to do it - but then it may be too late.
2nd blaming infected machines on the internet is similar to blaming your postal carrier for bringing you junk mail and bills.
Crap
About 1/2 of all of the large "infection" events on the internet are the result of people running unpatched unsecured applications on their machines. The other half of the infections I see are due to an end user opening an email and running an attachment.
Correct
Even with a secure OS this simple method of infection will continue to work.
Correct
However you are ignoring the fact that once the machine is infected, the machine can be used by hundreds of people (skript kiddies) to damage other parts of the internet, further they can (and are) being used by organised crime to extort money out of large financial institutions and companies, and that's not to mention DDoS's on the smaller people who are just in the way.
Agreed.
How and when did it become the responsibility of the ISP to protect the end users machines?
It hasn't, however the data coming from an ISP's network has always been the responsibility of the ISP.... and I would suggest if you cannot stop the endusers getting infected, then you should look at stopping those machines from abusing other machines on the internet.... If you will not do that you should not be peered.
AFAIK all major ISP's are processing 1000's of infected hosts. This includes notification of the end user, assistance in cleaning and identifying the infections and responses to the people providing the lists of infected hosts.
Do ISP's get paid to protect end user machines?
No, they get paid for traffic, which is the reason some ISPs out there don't care if their customers are DDoSing another's network.
Most US ISP's end users (DSL/DIAL/ISDN/CABLE) are on a flat rate. The end user is not charged for the bandwidth. I have received NO PUSHBACK from sales on any of the projects we have worked on to mitigate the effects of bots/worms/virii on our network. I personally don't believe there are ISP's that don't mitigate so they can get the extra $$$ the worm traffic is generating.
If you want to blame someone maybe the company that provided the insecure os that requires monthly patches to fix portions of the broken code they sold. Or you could blame the end users who open unknown attachments.
Yup, we've been doing that for years, and they have been fixing things as fast as possible (not always, and not until more recently) however they are making steps in the right direction, so I feel it's about time ISP's started taking some of the responsibility for traffic on their network. As far as the attachments go, education is the only way - and if they cannot be educated they shouldn't be on the Internet.
How will you keep them off?
I would like a real solution to the problem. Simply blocking ports is not successful. So I recommend 2 steps.
First buy OS's that are more secure out of the box.
That's not going to happen anytime soon, even with Microsoft starting to follow the 'right' road.
I believe there are OSes that are much more secure out of the box than Microsoft's products.
2nd Teach users NOT to click on everything they see.
...and how are you going to do that? If you give a user a
Education as you stated above.
$10 account where they have full internet access they click on everything, then they get infected, their machine is controlled by someone else across the world and is used for DDoS attacks or spam (or..hacking, or...?) .. what are you going to do to educate them in the middle....? What is the ISP going to do to make sure that the enduser has been educated? What are you the ISP going to do to ensure the machine that was infected has now been disinfected...?
You have not convinced me that either of these is currently an ISP responsibility.
I don't expect you the ISP to solve all these problems, nor do I expect you the ISP to stop your users from getting infected.... However you the ISP are responsible for traffic coming from and going to your users, and most of us don't care if you want to allow your users to get infected, however we do care if you allow your customers to attack us.... Whether it be an attack in the form of spam, DDoS or trojan/virus spreading.
As an ISP I am responsible to ensure my users can send and receive packets. Want to contribute? Consider volunteering time at one of the public internet security sites. Complaining that ISP's are not doing enough is not productive.
/ Mat
Smith, Donald wrote:
First are the consumers willing to pay for a "safer" internet DSL/dial/isdn?
Why should they have to?
Because it costs money to mitigate the attacks coming from their infected machines. It takes people and people want to be paid. Given a larger security abuse team we could do more.
That's a reason abusers should have to pay cleanup fees. It's not a reason responsible or naive users should pay more for a safer internet unless they choose to.
Owen
--
If this message was not signed with gpg key 0FE2AA3D, it's probably a forgery.
hitler, ashcroft, blair, delong, rumsfeld, hussain, bush (the other one:-), sharon, putin, mugabe, salazar, ...
RB> Date: Mon, 14 Jun 2004 16:26:13 -0700
RB> From: Randy Bush
RB> hitler, ashcroft, blair, delong, rumsfeld, hussain, bush
RB> (the other one:-), sharon, putin, mugabe, salazar, ...
Godwin is dead.
Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.
Owen DeLong wrote:
Smith, Donald wrote:
First are the consumers willing to pay for a "safer" internet DSL/dial/isdn?
Why should they have to?
Because it costs money to mitigate the attacks coming from their infected machines. It takes people and people want to be paid. Given a larger security abuse team we could do more.
That's a reason abusers should have to pay cleanup fees.
Which is something people condemn me for doing with the SORBS spam database.... even with the money going directly to charity (or other non charity good causes). Majority of people in the SORBS spam database are those who have abused my mailserver and my mailbox.
/ Mat
Smith, Donald wrote:
I don't expect you the ISP to solve all these problems, nor do I expect you the ISP to stop your users from getting infected.... However you the ISP are responsible for traffic coming from and going to your users, and most of us don't care if you want to allow your users to get infected, however we do care if you allow your customers to attack us.... Whether it be an attack in the form of spam, DDoS or trojan/virus spreading.
As an ISP I am responsible to ensure my users can send and receive packets.
Want to contribute? Consider volunteering time at one of the public internet security sites. Complaining that ISP's are not doing enough is not productive.
I consider the work I put into SORBS a significant contribution to internet security....
/ Mat
participants (5)
- Edward B. Dreger
- Matthew Sullivan
- Owen DeLong
- Randy Bush
- Smith, Donald