[Dshield] ISP Solution for complying with Dshield fightback?

Ed Truitt ed.truitt at etee2k.net
Sat Nov 26 16:19:31 GMT 2005


Ditto here - I gave up AO-Hell and my telco for a 'small' ISP for just this very reason.  If I have a problem I call them - and if I *am* a problem (not very often) they call me.  In both cases, quick responsiveness is the key to keeping the relationship going.

-EdTr.
-----Original Message-----
From: Valdis.Kletnieks at vt.edu
Date: Sat, 26 Nov 2005 03:08:58 
To:General DShield Discussion List <list at lists.dshield.org>
Subject: Re: [Dshield] ISP Solution for complying with Dshield fightback?

On Fri, 25 Nov 2005 18:08:18 +0530, Sanjay Arora said:

> I find that a major problem ISPs, especially the smaller ones face, is a

It's not the smaller ones.  Unless Comcast is a "smaller one" these days. :)

> system to track, respond, act upon by source IP blocking/source port
> blocking, communicate problem to the customer, remove blocks upon
> resolution and communicate resolution to Dshield and any other
> projects/complainants.

The lack of software isn't the issue.  The problem is that said providers
have never bothered to implement the infrastructure this software will need.

You could drop a fully customized Remedy solution (damn, it's a slick product,
especially if you have in-house Remedy clue) on these people, and train them in
its use, and it would do exactly *zero* to help them, because...

... they don't keep TACACS logs or caller-ID info on their inbound modem pool
because they don't *understand* the need for it when their business model is
"send a bill for $12.95 to every subscriber every month".

On the other hand, a friend of mine and his SO run a local ISP. He certainly
qualifies as one of these "smaller ones".  And you know what?  He's able to
run a *very* tight ship using just a few very small tools.  One, given a
suspect IP address, greps the logs and produces a customer account number.
Another, given an account, produces a phone number.  I think that end of
his business is all of 75 lines of code, mostly pretty-printing.

Oh, and he's no dummy - he uses "We'll call you when the big companies won't"
as a selling point. It's one of the reasons his customers prefer him. ;)

_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list


Cheers,
-E D Truitt

Sent via my BlackBerry from Cingular Wireless


More information about the list mailing list