IBM report reviews Internet crime

J. Oquendo sil at infiltrated.net
Tue Feb 12 19:26:14 UTC 2008


michael.dillon at bt.com wrote:

> 
> vendor patches. [suggests that ISPs need to be proactive about detecting
> and blocking compromised machines]

This I've seen suggested for a while, yet I've seen many here shun the 
idea. "If we force someone who doesn't know, they'll jump ship elsewhere 
in droves" seemed to be the consensus. How about "if some acted as a 
*group* and did not allow an uber-infected machine from your client to 
get on a network."

"Sorry, we don't want your $20.00 per month since it's costing us 3 calls to 
tech support per month, we're getting overwhelmed with emailed 
complaints your machine is sending spam..." And so on. Wait, not 
feasible; instead of thinking about this logically for a second, it's 
likely some would focus more on countering it with an argument.

> [If you still distribute any kind of software kits that do not install
> FireFox, you are doing your customers a disservice and making your
> detection and blocking task that much bigger. When you contact customers
> with compromised machines you might want to make it mandatory to install
> Firefox from your servers before re-enabling Internet access]

Agree, and disagree. When I am on Windows, I loathe using the newer 
versions of Firefox. It's become such a resource hog it's scary. I've 
resorted to Opera. So you push them to Firefox anyway, what now? There 
are still countless amounts of vulnerabilities for FF, many not even 
seen. Because the security industry has some numbers on vulnerabilities 
for Mozilla, what about the unknowns? What about the spambot 
herder/hoarder criminals who don't distribute code?


> [Suggests that NANOG members need to raise the bar considerably to clean
> up their own backyard. What do you know about your own Internet peering
> partners?]

Are you suggesting that if peers don't clean up their act they should be 
de-peered? I'd like to see that happen even for a day and watch a large 
portion of the net crumble. I could point out off the top of my head 
about a dozen dirty peers, and I mean extremely dirty, who would never be 
de-peered. Money talks.

> [This suggests that targeting these specific attack vectors could clean
> up a significant amount of the problem and correspondingly reduce your
> costs for detection and blocking of compromised machines.]

That would mean work. It would also mean the time allotted to focusing on 
how to fix it would be taken away from the time it takes to 
counter-argue your points.


-- 
====================================================
J. Oquendo

SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)

wget -qO - www.infiltrated.net/sig|perl

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
