mitigating botnet C&Cs has become useless

• Previous message (by thread): mitigating botnet C&Cs has become useless
• Next message (by thread): mitigating botnet C&Cs has become useless
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--On August 8, 2006 4:03:36 PM +0200 Arjan Hulsebos 
<arjan.hulsebos at gmail.com> wrote:

>
> On Sat, 5 Aug 2006 17:17:27 -0400 (EDT), Sean Donelan typed:
>
>> Railroads have the railroad police. The Post Office has postal
>> inspectors.  Do we want to give ISP security the power to arrest
>> people?
>
> We (ISPs) already do have that power, we can disconnect misbehaving
> subscribers. And in cases like this, we should keep them off the 'net
> until they've cleaned up their PC.

That's a nice idea, except how?  How do you prove a user has gotten the 
malware off and patched?  And further how can they do that without internet 
access?  Hint, FWIR, it's not legal for us to distribute MS's patches to 
our subs.

So how do you propose that?  Some customers will fix themselves, some will 
just cancel and find an ISP that doesn't care they're spewing spam and worm 
traffic all the while complaining about how slow their internet service is.

I'm really seriously interested, and I'm not trying to be a flaming 
troll-bait here.  This is a *huge* problem.  You can turn off a user sure 
enough, but how do you know it's OK to let that user back on.

> And besides doing that, we should educate our subs on how to properly
> maintain their PC (installing and keeping up-to-date antivirus
> software, patch the OS on a regular basis, you know the drill).

And how is it our responsibility to educate users?  I don't think it 
necessarily is.  However because noone else is and we're all the ones most 
hurt by it we're forced to.

• Previous message (by thread): mitigating botnet C&Cs has become useless
• Next message (by thread): mitigating botnet C&Cs has become useless
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]