[Dshield] Possible solution for ISP (was DShield's public goals)

Laura Vance vancel at winfreeacademy.com
Thu Jan 12 17:19:23 GMT 2006

Ed Truitt wrote:

>This database of 'bad' users sounds a LOT like the TSA's "no fly" list -- and there is some concern about how that is working out (more than concern if you have to undergo a cavity search every time you fly, because you happen to share a name with some maybe-terrorist.). The maintainability problems of this proposed list appear to be similar - who vets the names? How does one ever get off the list?
>-E D Truitt
I mentioned these in the initial suggestion.

First concern is that this one doesn't try to pre-determine if someone 
is bad.  The TSA tries to determine evil-doers before they do evil.  
This suggestion only flags people that have already gotten infected.  
Only after either the ISP notices it, or if someone reports that user to 
the ISP.  It doesn't punish someone for what they *might* do, only for 
what they just did.

Second concern is who keeps track of it.  All ISP's would enter the 
names as they get blocked.  It's just a central computer running a 
system that ISPs simply log into to add or check names (or some other 
uniquely identifiable information).  The ISP adds names as they get 
infected/blocked, and the ISP can unflag them when they have met the 
criteria for removal.  Every ISP would have the same ability to do this, 
because the list would be available to all ISPs.  It could maybe even 
track which ISPs users have used... track user migration from ISP to ISP 
so the ISP's know what to do to attract more customers... but that's not 
the focus of this particular system.

Third concern about how do they get off the list.  If you are flagged as 
bad or blocked (however the term will be), you take your computer to an 
authorized place (or maybe even geeks on call could do it).  There would 
be specific companies that are authorized to certify that a computer has 
been cleaned and an attempt has been made to educate the owner.  The 
owner then sends this via fax (or postal service) to the ISP, or the 
company that repaired it faxes it to the ISP and viola, the user is back 

Something that would be good is if once someone has been educated, it 
goes on their record as a good mark, and then everyone will know that 
Joe Blow has passed training on how to keep his computer safe, so he may 
get preferential treatment at future ISPs... but that's getting ahead of 

Laura Vance
Systems Engineer
Winfree Academy Charter Schools

More information about the list mailing list