short Botnet list and Cashing in on DoS

Gadi Evron ge at
Sat Oct 9 10:39:19 UTC 2004

> Most ISP's wouldn't have to deal with this problem if corporations took
> the time to release better products. I was faced with the question of
> "What do you do for infected clients?" What can an ISP do. Most of the

An ISP doesn't really have to do anything, either. As long as it is not 
in their financial interest or they are bound to it by law.

Thing is, not everybody even calls tech support.

> times ISP's become the de facto MS technical support team and it is rather
> understand, and won't care to since they're frustrated. Sure take a hit
> with one client cancelling an account, what happens when it grows?

You lose. But how much does it cost to hire a few more tech support guys?

But as much as you might invest in tech support, some never even answer 
abuse mail.

> As for the prior responses of "You will get DoS'ed" this I am aware of.

Actually, almost a year ago I heard somebody say: "Protection money? 
Online?!" Pay us or we will DDoS you?! That's stupid. In real life if 
you payed you at least know that the bad guys:
(1) Really won't trash your place.
(2) Will stop others from trashing your place.

Online, say you paid - so what? They can still DDoS you, and if they 
won't.. who says somebody else won't?

With every kiddie owning so many Cable/DSL ranges.. it is plain and 
simple scary.

> this since it bugs me) EV1, Everybody's Internet. Not only do they host
> some botnets, malware spewing servers, spam relays, terrorists related
> sites, their excuse is "Well we don't know who we rent to"


I don't care if they see it and don't do anything, I'd start with them 
answering abuse mail.

> Yes their is little that can be done right now, but yet there ARE
> things that CAN BE DONE. I'm one that is skeptical about laws since laws
> abroad would mean nothing here and vice versa, but where are things

Not necessarily, but yes.. there are always countries like North Korea.

> headed? Spend more on infrastructure to support these issues when you
> shouldn't have to or buy bigger equipment to handle filtering when you
> shouldn't have to. I say nip it at the bud, if you're an upstream provider
> and you see some of these issues, three strikes shut these things down, or
> nullroute them, don't just sit twiddling your thumbs "Oh but that won't
> help your idea is silly because foo_x reason." Have something better in


I truly believe that if the uplinks wanted spam, viruses and the rest of 
the dirt out of their tubes, they would manage it. Thing is - why should 
(1) Their clients don't like to be "censored".
(2) It's an headache and a setback, on *all* levels.
(3) Everybody in the food chain pays for bigger tubes.


More information about the NANOG mailing list