[Dshield] Commentary on how to deal with infected users who failto clean up their acts! [Fwd: [NANOG] Even you can be hacked
rog at saas.nsw.edu.au
Mon Jun 14 00:01:06 GMT 2004
Jon R. Kibler wrote:
> Roger Buck wrote:
>>Unfortunately, the analogy is not valid for those of us who are paying
>>ISP bills based on metered traffic. It also conveniently overlooks the
>>fact that _everyone_ is paying a significant 'tax' for unwanted Internet
>>traffic: Especially the unwanted traffic generated by most of the recent
>>(12-18 months) Internet worms.
> Sounds like it is time for an ISP change!
Change of country maybe - don't forget that everywhere is not like the USA.
In Australia, most ISP's will charge for both outbound and inbound
traffic for commercial quality Internet connectivity (anything equal to
or greater than 512/512 SDSL!). The ISP's themselves are often subject
to the same billing style by the wholesaler (mainly Australian Telco's).
Domestic users are usually subject to bandwidth throttling instead.
I understand the point of the original post. This response was meant as
a "reminder" - not meant as a criticism: A reminder that there is an
additional and very significant hidden community cost for virus related
traffic - no matter how competently the end user configures their own
firewall / network.
The clients' view is that this is unwanted traffic that never appears on
the inside of the firewall. They are refusing /dropping the unwanted
traffic at the gateway interface between them and their ISP and that is
the most they can do.
The ISP's view this as an end user problem. The ISP simply delivers the
traffic to you and you have the choice of either paying the bill or
disconnecting your network.
Many commercial organisations have no idea of the amount of unwanted
traffic they are dropping at the gateway - In Australia, I have seen
this traffic rise to a ratio of 9 or 10:1 (nine times more unwanted
traffic (incoming) than valid incoming traffic, for extended periods
(24x7 weeks or months) - especially where the gateway is routing one or
more public IP blocks. This means that some Australian corporates /
Government departments often unknowingly pay up to 900% or more than
they need to pay for the actual traffic they are using (I do have real
data to back this up!).
So long as ISP's profit from the generation of such traffic and end
users ignore it, then unwanted traffic is likely to continue relatively
More information about the list