Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

Sean Donelan sean at donelan.com
Mon Jun 18 15:59:13 UTC 2007

On Mon, 18 Jun 2007, Suresh Ramasubramanian wrote:
> On 6/18/07, Sean Donelan <sean at donelan.com> wrote:
>> Automation is a non-starter unless you have people to deal with the
>> exceptions.  If you don't deal with exceptions, eventually problems with
>> any automated system will overwhelm you.  You can only hid behind IVR
>> recordings "You call is very important to us" for so long.
> You're preaching to the choir there.  That still doesnt underrate the
> importance of automating this.  Throwing people at it simply doesnt
> scale.

You need a both.  The mistake engineers make is thinking technology 
is the solution.  The mistake customer care makes is thinking a pleasent 
voice is the solution.  The mistake law enforcement makes is thinking an
arrest is the solution.  The mistake legislators make is thinking a law
is the solution.  And so on.

We need a mix of all those things, including people, technology, laws and 
physical arrests.  The problem is not a naturally occuring phenomena. 
The opponents are intelligent people who react to anything we do.

I've seen ISPs with very advanced automated systems that went unused 
becaused their customer care organizations couldn't cope with the scale 
of problem customers.  I was building infected customer sandboxes a long 
time ago.  Even if your automated systems handle 99% of the problem 
customers, that 1% can doom your plans if you don't understand it.

ISPs looking for automation may consider these vendors or several 
free/open source alternatives.

Simplicita: http://www.simplicita.com/
Bradbord: http://www.bradfordnetworks.com/
Motive: http://www.motive.com/
Cisco/Perfigo: http://www.cisco.com/en/US/products/ps6128/index.html
F-Secure Network Control: http://www.f-secure.co.uk/enterprises/products/fsnc.html
Trend Micro Intercloud: http://us.trendmicro.com/us/about/news/pr/article/20070123143622.html

More information about the NANOG mailing list