[Operational] Internet Police

George Bonser gbonser at seven.com
Fri Dec 10 17:45:46 UTC 2010


> From: William McCall 
> Sent: Friday, December 10, 2010 8:45 AM
> To: Lamar Owen
> Cc: nanog at nanog.org
> Subject: Re: [Operational] Internet Police


> To the folks out there that presently work for an SP, if someone
> called you (or the relevant department) and gave you a list of
> end-user IPs that were DDoSing this person/entity, how long would you
> take to verify and stop the end user's stream of crap? Furthermore,
> what is the actual incentive to do something about it?

The behavior is no different than a street gang who would attempt to
influence the behavior of a local merchant by threatening damage to the
store.  In the case of internet operations, we seem to tolerate the
behavior or simply assume little can be done so many don't even try. If
an ISP were to actively disconnect clients who were infected with a bot
(intentionally infected or not), the end users themselves might be a
little more vigilant at keeping their systems free of them.  *But* any
ISP doing that would also have to be prepared to invest some effort in
trying to help absolutely clueless people (in many cases) remove these
bots from their systems.  It can quickly become a huge time swamp.






More information about the NANOG mailing list