[Dshield] Possible solution for ISP (was DShield's public goals)
vancel at winfreeacademy.com
Wed Jan 11 22:53:29 GMT 2006
Valdis.Kletnieks at vt.edu wrote:
>On Mon, 09 Jan 2006 12:19:54 CST, Laura Vance said:
>>4a) user fixes problem and submits to a test by whoever (could be a
>>company that does this for profit and charges the end user, not the
>>ISP... Best Buy, Comp USA, new companies, etc.), and whoever tested the
>>system sends notification to the ISP. All is well in the land.
>>4b) user ignores email, ISP adds their name to the database and
>>terminates their connection.
>A non-starter. You come home from vacation to find your machine was hacked.
>*AND* that you can't get on the net to download the patch.
>If the user is cut off, how *exactly* does he fix the problem?
When you take your computer into Comp USA, you physically take your
computer there and have them do their thing. Shutting them off fixes
the problem, because now they are forced to deal with the problem
instead of just being ok with a slower computer that is horribly infected.
>>4b2) or: They go to an ISP that does not participate in the database,
>>but all of the ISPs that do participate block all access from ISPs that
>>do not participate, so they have no access to anything on the Internet
>Getting the participating ISPs to *cut off* connections with non-participating
>ones is not going to fly. NetZero won't cut off EarthLink, no matter how bad
>it is, because NetZero doesn't want their phone to ring off the hook about why
>their users can't get to EarthLink anymore. If the phone rings, it costs them
>money. It costs them even *more* money if they become ex-NetZero users.
>Go back to early October, and see what happened when Level3 (AS3356) tried
>to depeer XO (AS 2828).
I'm not talking about the good ISP shutting off their customers from
accessing hosts on the bad ISP or even sending email to the bad ISP.
I'm talking about the good ISP blocking all inbound traffic from the bad
ISP. In your scenario, NetZero is the good ISP that wants to do this
plan. Their customers can browse any site hosted on the EarthLink
webspace. NetZero customers can also send emails to any IP on the
entire EarthLink IP space. Since EarthLink is a non-participant in the
system, NetZero blocks all inbound traffic from their customer-space.
NetZero would still accept inbound email from the EarthLink mail server,
and they would allow inbound web traffic from the EarthLink proxy (if
one exists), and so on for different services. NetZero would *only*
block *all* inbound traffic from user-space at EarthLink.
Then when EarthLink started participating, then NetZero would remove the
blocks. Make the system free or almost free (nominal fee to cover
hardware and Internet connection for remote use) so it doesn't affect
the ISP bottom line and they will practically have no reason to *not*
1) helps control virus spreading.
2) educates users.
3) low (or no) cost.
4) ISP doesn't have to repair the user machines or educate their users,
so no extra responsibility or expenses.
1) an extra step to look up the user when assigning a new account.
2) possible loss of customers (this will only happen if too few ISPs
adopt the system).
As I said, the idea could be tweaked, but the basic idea is a manageable
solution. The worst part is the initial implementation... getting
enough ISPs to sign on to the system to make it effective would be the
ultimate challenge. Call it leveraging... the only question would be if
you want to be able to deal with 75% of the Internet or 25% of it. And
if all ISPs signed on to the idea, then no ISP would be blocked from
the others. I also said that it doesn't *have* to be a block, it could
be something else... or even until most ISPs are on board, no ISP blocks
would happen. There are so many ways to implement this idea that there
is almost no reason not to seriously consider it. Blocking was just
something that one person came up with while brainstorming on an
email... other possibilities that use this same model would be great too.
My main concern is that all of the other ideas that I've seen either put
a LOT of work on the ISP (NAT/firewall upkeep for users that are allowed
inbound connections), or they simply punish those of us that know how to
run a tight ship along with everyone that doesn't know and doesn't care.
Winfree Academy Charter Schools
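
Added example, not part of the original message: a sketch of the inbound-only filter the reply describes, where a participating ISP drops new connections arriving from a non-participant's user space but still accepts reply traffic and that ISP's mail server and proxy. The prefixes, addresses, ports and the `inbound_decision` function are assumptions constructed for illustration (RFC 5737 documentation ranges), not real ISP allocations.

```python
import ipaddress

# Constructed sample data: user space of a hypothetical non-participating ISP.
NON_PARTICIPANT_USER_SPACE = [ipaddress.ip_network("198.51.100.0/24")]

# Hypothetical service hosts of that ISP that remain allowed inbound,
# keyed by (source address, destination port on our side).
SERVICE_EXCEPTIONS = {
    (ipaddress.ip_address("198.51.100.25"), 25),  # their mail server to our MX
    (ipaddress.ip_address("203.0.113.80"), 80),   # their web proxy to our web hosts
}


def inbound_decision(src_ip, dst_port, established=False):
    """Return 'accept' or 'drop' for a packet arriving from outside.

    established=True marks reply traffic on a connection that one of our
    own customers opened; the policy never blocks that direction.
    """
    src = ipaddress.ip_address(src_ip)
    if established:
        return "accept"
    # Exceptions are checked first so a service host numbered inside a
    # blocked prefix still gets through, but only on its listed port.
    if (src, dst_port) in SERVICE_EXCEPTIONS:
        return "accept"
    if any(src in net for net in NON_PARTICIPANT_USER_SPACE):
        return "drop"
    return "accept"


def evaluate(flows):
    """Apply the policy to (src_ip, dst_port, established) tuples."""
    return [(f, inbound_decision(*f)) for f in flows]


if __name__ == "__main__":
    # Constructed flows: unsolicited scan, reply to our customer, mail
    # delivery, mail server on an unlisted port, unrelated third party.
    sample = [
        ("198.51.100.77", 445, False),
        ("198.51.100.77", 51515, True),
        ("198.51.100.25", 25, False),
        ("198.51.100.25", 445, False),
        ("192.0.2.9", 80, False),
    ]
    for flow, verdict in evaluate(sample):
        print(flow, verdict)
```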