Operation Ghost Click

A. Pishdadi apishdadi at gmail.com
Fri Apr 27 23:14:40 CDT 2012

At some point in like 10 years when all the computer illiterate people are
gone there will be no more excuses for not being educated on malware and
viruses. While I understand the ISP doesn't want to possibly cut into there
profit margins they could easily put in place monitoring tools that can
detect network traffic that is malware bound and reach out to the customer
by email, phone and if need be by person.

How much of tax payer money is spent to pay these FEDERAL (F.B.I.) agents
to sit here and baby sit these computer ignorant and illiterate people for
6 months? So for the big ISPs like comcast i should pay out of my tax money
because they cannot properly enforce a network policy that would require
them to actually give a crap what is coming out of there network?

There is always going to be viruses and malware, they will find ways to get
them through but for heavens sake why would we if identified leave millions
of compromised machines online with an attempt to do a cleanup? YOU as a
network operator have a responsiblity to the other 40,000 AUTONOMOUS
network to make sure your not polluting our private network infrastructure
with garbage coming from your users and network. Clean up your mess.

Like we will not tolerate spammers being housed on 'hosting' networks why
should tolerate malware and infections coming from ISP's??? How much money
is spent cleaning up hacked word press servers and udp.pl scripts...

This is much bigger issue then at any cost making sure a user can get on to
facebook to upload a picture of there cat sleeping upside down. If we
enforced a proper policy and held network activity to certain standards the
ISP's would fix the issue of ignorant users themselves by #1 educating
there users , #2 implementing network monitoring on there outbound traffic
to identify sources of infected and compromised machines, #3 implementing a
cleanup policy, #4 letting the end user know they have a responsibility to
make sure the machines they access the network from are clean and to do
checks and to do there antivirus updates and os updates.

Oh yah, and if we got all these 'supporting' DNS servers up why not just
direct ALL users of it, who are clearly infected to a temporary page that
will enlighten the customer that they are infected and give them
instructions on clean up and give them a deadline of when there service
will stop......... How hard is that?

On Fri, Apr 27, 2012 at 10:55 PM, <Valdis.Kletnieks at vt.edu> wrote:

> On Fri, 27 Apr 2012 21:39:20 -0500, you said:
> > Is it not detected by the common anti-virus software vendors? If the
> This assumes that the computer hasn't been hit by something *else* that
> disables the user's AV software.  Remember, multiple infections are
> *common*.
> > internet stopped working on my computer i would reach out to someone who
> > knew how to fix it, keeping these people online and spreading the malware
> > helps how??
> The point is that the internet *didn't* stop working, so they have no
> reason to
> reach out yet.
> And no, you can't just blindly cut the users off and make them call the
> ISP for
> several reasons:
> 1) At that point, the ISP incurs an expense to fix a problem they didn't
> cause.
> Remember that margins on most consumer-grade Internet accounts are pretty
> thin,
> and one long support call can wipe out the profit.  So explain why the ISP
> wants to cut off a user who makes them $10/year profit, and spend $30 or
> more
> handling the support call, when they aren't in the business of providing
> security services to end users?
> 2) If the user has no POTS, cutting them off may have just cut off their
> 911
> service.  You want to take that risk?
> 3) Many times, there are multiple customer computers behind a NAT.  Do you
> really want the hassle of an irate user calling in because you just broke
> the
> dad's VPN to work, because one of their kids has some cruft on their
> computer?
> (And no, don't try to tell them they should have bought business class
> service
> or similar crap, that *will* lose you a customer).
> So explain why the ISP wants to cut off the user, when it will cost them
> money, and possibly a customer?

More information about the NANOG mailing list