[Dshield] Interesting Zombie Data Graphs

MaXX bs139412 at skynet.be
Wed Nov 9 21:36:53 GMT 2005

On Wednesday 09 November 2005 17:27, Pete Cap wrote:
> --- MaXX <bs139412 at skynet.be> wrote:
> > They probably prefer to invest in beefier hardware
> > to handle the mess...
> Not so beefy.  The issue is that ISPs are not losing
> money because the perception TO THE CUSTOMERS is that
> it's not the access provider's responsibility.  Now,
> when a customer from Cox gets hacked by a customer
> from Comcast, the Cox guy definitely sees Comcast as
> having at least some responsibility.  But nobody is
> going to switch ISPs because they got botnetted.
Damn! I'm alone...

> Ultimately it's the user's responsibility, but then
> again the service provider is in a great position to
> do something about the problem, and since they are
> also in a position to track traffic and find botnets,
> some of the responsibility rests with them as well.
Is it so hard for an ISP to have some kind of IDS/IPS/honeypot to perform some 
early detection and try to kill the botnet in the egg? (at least cut a wing).
I have no experience on 'large scale' systems, but I see this as a 'sale' 
argument mostly for business customers ("Our network is more secure than 

As an internet user, I try to keep my place clean, my traffic is filtered in 
both directions and I expect my ISP to warn me/pull the plug if my machines 
are infected by something nasty.

> It's like gun ownership in a way...it's the owner's
> fault if the weapon is misused and someone gets
> killed.  But, Constitutional rights notwithstanding,
> there are some people who just shouldn't have a gun,
> and society knows this (e.g. a madman).  At some point
> you would lay blame on a retailer if he sold a gun to
> someone who shouldn't have one.  Well, I think that in
> the digital world, that person is the guy who just
> can't be arsed to install ZoneAlarm.  Not a perfect
> metaphor, but I think it gets my meaning across...
I understand. 

Another "weapon" ISPs have in hand is the default config of their DSL box; 
Firewall activated...
Selling the gun with rubber bullets instead of explosive ammo...


