[Dshield] Possible solution for ISP (was DShield's public goals)

Jim McCullough jim.mccullough at gmail.com
Wed Jan 11 12:56:10 GMT 2006

  I do not see a problem with what your company is doing.  Your company
provides an "outsourced service",  this reduces the overhead for the ISP in
resources and personnel costs to provide a similar service.  The main thing
the ISP's might be looking at would be accountability.  Many companies world
wide already outsource sections of their business to 3rd parties for
reducing their overhead in personnel costs. This is coming from a standpoint
of the US Corp environment bias.  The price that is paid for outsourcing is
lack of loyalty to the company.  But this goes outside the realm of this
list and thread into another subject.

   To limit connections to an internal private ip block and maintaining the
private addressing for access out would push most of the smaller ISP's out
of business.  They usually do not have the staffing or funding to impliment
this kind of service.  With the large ISP's this could be done, such as with
AOL.  Here comes the drawbacks.  90-95% of the ISP's currently do not
support alternative OS's connecting to their net.  And like with AOL, it
could come down to running the ISP's customized software to connect.  This
poses a restriction on the user base via the ISP to run what is considered
"mainstream" and hindering personal growth potential.  Companies like AOL
rely on the user's lack of knowledge and tries to lead them down the path
that the Company chooses.  Not the path that the user chooses.   This brings
up a socail ethics and morals issue that alot of companies would not be
willing to discuss publically.

On 1/11/06, Mike <mjcarter at ihug.co.nz> wrote:
> Laura,
> I really like your reasoning but with particular regards to 4a)
> > 4a) user fixes problem and submits to a test by whoever (could be a
> > company that does this for profit and charges the end user, not the
> > ISP... Best Buy, Comp USA, new companies, etc.), and whoever tested the
> > system sends notification to the ISP.   All is well in the land.
> This is one of the reasons I started my company, now I just need to get
> major ISPs to use our service, to be honest though most of them probably
> don't know we exist yet.
> I'm hoping that we will bridge the (obvious) gap between ISPs and end user
> security and that ISPs will no longer have the excuse that they do not
> have
> the resources in NZ because we will provide this service at no cost to
> them.
> All they need to do is refer us to their users when they contact them
> about
> an infection or similar related abuse and we'll take care of the donkey
> work.
> Does anyone see a problem with a 3rd party providing this kind of support
> when referred by the ISP?
> > Just some thoughts.
> Very good thoughts I thought :)!
> Cheers
> Mike
> www.infosec.co.nz
> > --
> > Thanks,
> > Laura Vance
> > Systems Engineer
> > Winfree Academy Charter Schools
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own
> couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list

Jim McCullough

More information about the list mailing list