[Dshield] DShield's Public Goals

stu secmail at patchsupplier.dyndns.org
Fri Jan 6 16:24:42 GMT 2006

But as soon as users get the whiff they're getting half a service
they'll move on to another provider that will give them a "real" internet

I for one wouldn't be on their network...

I was watching a ch9 video about F5, a company MS are working with. Very
educational, they seem to be able to filter traffic in web farms in real
time. If this technology could be adapted for ISPs I'm not sure but it's
worth possibly looking into. It could operate on a snort style system,
if a packet matches a signature the user is shut off from the internet,
or redirect port 80 to a page for more information. 

False positives will need to be low which bot writers could go out of
their way to trigger to make the system a problem.

At the end of the day an ISP is there to make money, unless security
provides either a financial incentive or results in fines I doubt
anything will be done. 

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Jon R. Kibler
Sent: 06 January 2006 14:35
To: General DShield Discussion List
Subject: Re: [Dshield] DShield's Public Goals

M Cook wrote:
> But you see, the more residential dynamic IP addresses are blocked,
> the fewer options the spammers have left, which I think is a Good Thing.

Another Good Thing ISPs could do is to assign all residential/dynamic IP
customers IPs in private address space and NAT their Internet
connections. This could GREATLY cut down on the spread of worms (which I
am defining as malware that propagates via network connections) because
they would be limited to propagating on the ISP's private network and
outside public address space. 

I have no idea the real number, but say the U.S. has 50 million
residential users on the Internet using globally routable IPs. If we
were to make all of those systems use private address space, that would
be about 50 million fewer hosts that could be infected by a worm hopping
from system to system. Granted, this would force malware propagation
tactics to change, but it removes one more tool from the bad guy's
arsenal. From an ISP's perspective, this would also be a Good Thing in
that it would eliminate users running rogue servers, such as P2P, chat,

Again, my $0.02.

Jon Kibler
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214
