Nato warns of strike against cyber attackers

Paul Ferguson fergdawgster at
Tue Jun 8 21:52:16 UTC 2010

Hash: SHA1

On Tue, Jun 8, 2010 at 1:30 PM, Brielle Bruns <bruns at> wrote:

> On 6/8/10 2:12 PM, Dave Rand wrote:
>> It's really way, way past time for us to actually deal with compromised
>> computers on our networks.  Abuse desks need to have the power to filter
>> customers immediately on notification of activity.  We need to have
>> tools to
>> help us identify compromised customers.  We need to have policies that
>> actually work to help notify the customers when they are compromised.
>> None of this needs to be done for free.  There needs to be a "security
>> fee" charged _all_ customers, which would fund the abuse desk.
>> With more than 100,000,000 compromised computers out there, it's really
>> time for us to step up to the plate, and make this happen.
> Problem is, there's no financial penalties for providers who ignore abuse
> coming from their network.

Actually, the real problem is that if providers *don't* start doing
something to remediate abuse originating within their customer base -- and
begin policing themselves -- I don't think they will like someone else
(e.g. the gummint) forcing them to do something (which actually may be

The opportunity for providers to address this problem by policing
themselves is being overshadowed by the real possibility that the
government may step in and force them to do so, unfortunately.


- - ferg

Version: PGP Desktop 9.5.3 (Build 5003)


"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 ferg's tech blog:

More information about the NANOG mailing list