What do you want your ISP to block today?

Johannes Ullrich jullrich at euclidian.com
Wed Sep 3 23:51:52 UTC 2003



> While non-techies can be a support challenge, I find the greatest
> challenges and demands come from the very techie customers. These
> are the same customers that don't want to hear "the outage happened
> because we put a new filter on the peering router...to protect you
> from outages caused by worms!"

The paper talks about "consumers" defined as "home users or small
business without dedicated IT staff". These filters should be clearly
stated as part of the subscriber agreement. Many filter problems are
the result of inconsistent and rushed implementation.

> You say that putting these filters in place
> will reap financial reward?  Where is the data to support that
> theory?  

I admit: I do not have "hard numbers". But all the calls to support
about slow connections, or dealing with all the abuse@ complaints
has to cost something.

> Most contracts include credit or refund clauses if the
> link goes down or if the performance doesn't meet a certain level.

given that (a) the customer knows ahead of time about the blocked
port, and (b) blocking the port may actually reduce the impact
of the occasional worm, your argument proofs that there may be
a financial benefit.

>  All of the cost data I've
> seen related to worms is either clearly overblown or is based on
> a paucity of data.  I'm not saying these things don't have a cost;
> I am saying that the cost hasn't been realistically quantified.

yes. I am not using any of these numbers to support my issue.
But answering support calls, handing out refunds, and dealing
with abuse email does cost money.

> such as increased performance and shiny new features.

Well, performance should if anything improve. At this point, my cable
modem which I use for regular web browsoing is seeing about 80%
"unsolicited" traffic. Not that the bandwidth impact is huge. But I
rather use it to speed up my pr0n downloads then to waste it on
pings/port 135 probes/arp storms...

And someone is paying to move all these packets across the wire. After
all: Thats what we all agree on. We are paying ISPs to move packets.

-- 
--------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
--------------------------------------------------------------





More information about the NANOG mailing list