[Dshield] ISP Solution for complying with Dshield fightback?

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Sat Nov 26 08:08:58 GMT 2005

On Fri, 25 Nov 2005 18:08:18 +0530, Sanjay Arora said:

> I find that a major problem ISPs, especially the smaller ones face, is a

It's not the smaller ones.  Unless Comcast is a "smaller one" these days. :)

> system to track, respond, act upon by source IP blocking/source port
> blocking, communicate problem to the customer, remove blocks upon
> resolution and communicate resolution to Dshield and any other
> projects/complainants.

The lack of software isn't the issue.  The problem is that said providers
have never bothered to implement the infrastructure this software will need.

You could drop a fully customized Remedy solution (damn, it's a slick product,
especially if you have in-house Remedy clue) on these people, and train them in
its use, and it would do exactly *zero* to help them, because...

... they don't keep TACACS logs or caller-ID info on their inbound modem pool
because they don't *understand* the need for it when their business model is
"send a bill for $12.95 to every subscriber every month".

On the other hand, a friend of mine and his SO run a local ISP. He certainly
qualifies as one of these "smaller ones".  And you know what?  He's able to
run a *very* tight ship using just a few very small tools.  One, given a
suspect IP address, greps the logs and produces a customer account number.
Another, given an account, produces a phone number.  I think that end of
his business is all of 75 lines of code, mostly pretty-printing.

Oh, and he's no dummy - he uses "We'll call you when the big companies won't"
as a selling point. It's one of the reasons his customers prefer him. ;)
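The IP-to-account lookup described above, as an added example that is not part of the original post and not the ISP's actual tool. It goes one step beyond a plain grep by also matching the time of the complaint, since a modem pool reassigns addresses between callers. The log format, account names, addresses and caller-ID values are constructed assumptions, and all timestamps are assumed to be in one timezone.

```python
from datetime import datetime

# Constructed sample accounting log. The five-field layout is an assumption
# for this example, not real TACACS+ or RADIUS output:
#   timestamp  event  account  assigned_ip  caller_id
SAMPLE_LOG = """\
2005-11-25T09:00:12 START acct1001 192.0.2.17 555-0101
2005-11-25T09:42:50 STOP acct1001 192.0.2.17 555-0101
2005-11-25T09:45:03 START acct2040 192.0.2.17 555-0177
2005-11-25T10:05:00 START acct3310 192.0.2.23 555-0142
2005-11-25T11:30:41 STOP acct2040 192.0.2.17 555-0177
"""

def parse_sessions(log_text):
    """Pair START/STOP records into sessions; a missing STOP leaves end=None."""
    open_sessions, sessions = {}, []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed or truncated lines
        ts, event, account, ip, caller_id = fields
        when = datetime.fromisoformat(ts)
        key = (account, ip)
        if event == "START":
            open_sessions[key] = {"account": account, "ip": ip,
                                  "caller_id": caller_id,
                                  "start": when, "end": None}
        elif event == "STOP" and key in open_sessions:
            session = open_sessions.pop(key)
            session["end"] = when
            sessions.append(session)
    sessions.extend(open_sessions.values())  # sessions still online
    return sessions

def lookup(log_text, ip, timestamp):
    """Return (account, caller_id) pairs that held `ip` at `timestamp`."""
    when = datetime.fromisoformat(timestamp)
    return [(s["account"], s["caller_id"])
            for s in parse_sessions(log_text)
            if s["ip"] == ip and s["start"] <= when
            and (s["end"] is None or when <= s["end"])]

if __name__ == "__main__":
    # Same address, two different customers depending on the time reported.
    print(lookup(SAMPLE_LOG, "192.0.2.17", "2005-11-25T09:30:00"))
    print(lookup(SAMPLE_LOG, "192.0.2.17", "2005-11-25T10:00:00"))
```

An empty result means no session in the retained logs covers that address at that time, which is the situation providers without such logs are always in.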