Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
sean at donelan.com
Mon Jun 18 15:59:13 UTC 2007
On Mon, 18 Jun 2007, Suresh Ramasubramanian wrote:
> On 6/18/07, Sean Donelan <sean at donelan.com> wrote:
>> Automation is a non-starter unless you have people to deal with the
>> exceptions. If you don't deal with exceptions, eventually problems with
>> any automated system will overwhelm you. You can only hid behind IVR
>> recordings "You call is very important to us" for so long.
> You're preaching to the choir there. That still doesnt underrate the
> importance of automating this. Throwing people at it simply doesnt
You need a both. The mistake engineers make is thinking technology
is the solution. The mistake customer care makes is thinking a pleasent
voice is the solution. The mistake law enforcement makes is thinking an
arrest is the solution. The mistake legislators make is thinking a law
is the solution. And so on.
We need a mix of all those things, including people, technology, laws and
physical arrests. The problem is not a naturally occuring phenomena.
The opponents are intelligent people who react to anything we do.
I've seen ISPs with very advanced automated systems that went unused
becaused their customer care organizations couldn't cope with the scale
of problem customers. I was building infected customer sandboxes a long
time ago. Even if your automated systems handle 99% of the problem
customers, that 1% can doom your plans if you don't understand it.
ISPs looking for automation may consider these vendors or several
free/open source alternatives.
F-Secure Network Control: http://www.f-secure.co.uk/enterprises/products/fsnc.html
Trend Micro Intercloud: http://us.trendmicro.com/us/about/news/pr/article/20070123143622.html
More information about the NANOG