[Dshield] paper about port blocking

Johannes Ullrich jullrich at euclidian.com
Wed Sep 3 22:48:06 GMT 2003


On Wed, 2003-09-03 at 17:33, Jonathan Rickman wrote:
> Broadband ISPs should ship devices that support at least some 
> form of static packet filtering, and have it locked down by default. 

Many DSL / cable modems do support some form of port filtering. However,
maintaining these devices can be a pain, in particular as you may end up
with different versions or brands over time. Still, from a security
standpoint that would be great.

> but ISPs could absorb 
> the costs over time due to the reduced time spent playing whack-a-mole with 
> infections. 

The cost issue is something for which I am still looking for hard numbers.
Responding here partially to a different reply: I agree that the
"official" estimates are not all that reliable and may be inflated.
However, it does cost money to respond to help desk calls.

I figure that most large ISPs have at this point about 2% infected
users. Given that there are about 25 million broadband users in the US
alone, this makes for about 500,000 infected systems. If each one of
them causes a single support call (about $10 per call), this amounts
to $5,000,000 in damage, or about $2 per user to spend on "protection".
$2 doesn't buy a firewall, but it does buy time to maintain some rules
on existing firewalls.

-- 
--------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
--------------------------------------------------------------