ISPs' willingness to take action

kenw at kmsi.net kenw at kmsi.net
Mon Oct 27 01:01:09 UTC 2003


I'm a little puzzled, and I hope people won't object to my asking about
this.

As I see it, we're experiencing an ever-increasing flood of garbage network
traffic.  While not all of it is easy or appropriate to target, it seems to
me there's some "low hanging fruit" that could generate serious gains with
relatively little investment.

A few things that make sense to me (as a non-ISP network consultant)
include:

1) Summarily fencing/sandboxing/disconnecting clients sending high volumes
of spam, viruses, etc.  You might politely contact your commercial/static
clients first, but anyone connecting a "bare" PC on a broadband circuit is
too stupid to deserve coddling.  The great majority of your clients would
thank you profusely.

So far as I can see, detection of serious abusers should be pretty
straightforward.  It wouldn't require any pretense at spam or virus
filtering, per se; just pick off the clients that are flagrant sources of
the plague of the month. 

2) Notwithstanding the above, would it really be so hard to trap network
packets bearing clear signatures of the "plague of the month"?  Sure, it
would create an extra load on routers or require special filtering
hardware, but wouldn't it be worth it?  Again, no need to be comprehensive;
just blast the ones that are easy pickings.

3) There was a thread a little while ago that talked about a way to cut
down spam by simply restricting who you would accept SMTP traffic from.
Unfortunately, I don't recall the details, but at the time it struck me as
eminently sensible, and just required cooperation between ISPs to implement
effectively.

One problem for the average ISP would be the monitoring and updating of
plague control infrastructure.  It would probably be a lot easier with a
bit of cooperation and sharing -- either that, or someone could get rich
offering services to ISPs for a fee.

By the way, can anybody explain to me a legitimate use for port 135/137
traffic across the Internet, like it's somebody's private LAN?  Seems to me
anybody who still thinks that's legitimate is living in the past.  

So, the big question: why don't ISPs do more of this?  Are they afraid of
client reaction?  Doesn't wash, for me: most clients would be highly
grateful, and all it really takes for the remainder is fair warning.  Cost?
Again, you can judge for yourselves how low the fruit you choose to pick;
the biggest gains have the best ROI.

Happy clients, liberated bandwidth, faster servers -- what's to lose?

/kenw
Ken Wallewein CDP,CNE,MCSE,CCA,CCNA
K&M Systems Integration
Phone (403)274-7848
Fax   (403)275-4535
kenw at kmsi.net
www.kmsi.net
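
Added example, not part of the original post: a sketch of the volume-only detection described in point 1, which flags clients by destination fan-out on SMTP and ports 135/137 without inspecting content. The flow tuple layout, thresholds, static-customer list and sample addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records: (client_ip, dst_ip, dst_port).
# Addresses come from documentation ranges; none are real observations.
SAMPLE_FLOWS = (
    [("192.0.2.10", f"198.51.100.{i}", 25) for i in range(1, 41)]    # SMTP fan-out
    + [("192.0.2.20", f"203.0.113.{i}", 135) for i in range(1, 31)]  # port 135 sweep
    + [("192.0.2.30", "198.51.100.5", 25)] * 50                      # one relay, many mails
    + [("192.0.2.40", f"198.51.100.{i}", 25) for i in range(1, 41)]  # static customer
)
STATIC_CLIENTS = {"192.0.2.40"}  # assumed list of commercial/static customers

WATCHED = {25: "smtp", 135: "rpc-netbios", 137: "rpc-netbios"}
# Assumed thresholds: distinct destinations per client within one window.
THRESHOLDS = {"smtp": 20, "rpc-netbios": 10}


def flag_clients(flows, static_clients=frozenset(), thresholds=THRESHOLDS):
    """Return {client: (action, [reasons])} using destination fan-out only."""
    fanout = defaultdict(lambda: defaultdict(set))
    for client, dst, port in flows:
        kind = WATCHED.get(port)
        if kind:
            fanout[client][kind].add(dst)
    flagged = {}
    for client, kinds in fanout.items():
        reasons = sorted(k for k, dsts in kinds.items() if len(dsts) > thresholds[k])
        if reasons:
            # Static/commercial customers are contacted first; others are fenced.
            action = "notify" if client in static_clients else "sandbox"
            flagged[client] = (action, reasons)
    return flagged


if __name__ == "__main__":
    result = flag_clients(SAMPLE_FLOWS, STATIC_CLIENTS)
    for client, (action, reasons) in sorted(result.items()):
        print(client, action, ",".join(reasons))
```

Counting distinct destinations rather than raw connections keeps a client that sends many messages through a single relay (192.0.2.30 in the sample) below the threshold.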


