[Dshield] ISP Solution for complying with Dshield fightback?
Valdis.Kletnieks at vt.edu
Sat Nov 26 08:08:58 GMT 2005
On Fri, 25 Nov 2005 18:08:18 +0530, Sanjay Arora said:
> I find that a major problem ISPs, especially the smaller ones face, is a
It's not the smaller ones. Unless Comcast is a "smaller one" these days. :)
> system to track, respond, act upon by source IP blocking/source port
> blocking, communicate problem to the customer, remove blocks upon
> resolution and communicate resolution to Dshield and any other
The lack of software isn't the issue. The problem is that said providers
have never bothered to implement the infrastructure this software will need.
You could drop a fully customized Remedy solution (damn, it's a slick product,
especially if you have in-house Remedy clue) on these people, and train them in
its use, and it would do exactly *zero* to help them, because...
... they don't keep TACACS logs or caller-ID info on their inbound modem pool
because they don't *understand* the need for it when their business model is
"send a bill for $12.95 to every subscriber every month".
On the other hand, a friend of mine and his SO run a local ISP. He certainly
qualifies as one of these "smaller ones". And you know what? He's able to
run a *very* tight ship using just a few very small tools. One, given a
suspect IP address, greps the logs and produces a customer account number.
Another, given an account, produces a phone number. I think that end of
his business is all of 75 lines of code, mostly pretty-printing.
Oh, and he's no dummy - he uses "We'll call you when the big companies won't"
as a selling point. It's one of the reasons his customers prefer him. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20051126/a903e44b/attachment.bin
More information about the list