[Dshield] Possible solution for ISP (was DShield's public goals)
dshield at oitc.com
Tue Jan 17 20:30:44 GMT 2006
At 8:55 AM -0500 1/17/06, Anonymous Squirrel wrote:
>I haven't seen this typical scenario discussed: A residential connection to
>a home network, with a few "always on" computers, and a few visitors that
>appear for a few weeks and drop off the network (say college kids home for
>holidays). A problem pops up and the residential connection.
>1) Does the ISP blacklist the entire connection, even if the problem
>computer is no longer at the residence?
Depends on the magnitude of the infraction and their TOS, but I would
figure you could easily port block all outbounds except 80 and 25 (to
ISP's mail server only) without them ever knowing and limit any "damage".
>2) Do *all* computers at that connection have to be checked by a certified
>checker (e.g. Geeks on Call)? How does the ISP know how many should be
>cleaned? If one is cleaned, are all deemed cleaned? (for bonus points,
>after a residential user pays to have several computers checked, and all are
>found to be clean, how long does the ISP keep the customer?)
Give them free AV and rootkit hunters to run. That's what AOL did
because it's cheaper in the long run. Geeks on Call can then be called
by the residence if anything is found and they can contact the ISP to
remove the port block.
>3) How does the ISP's contracted checker deal with non-standard machines,
>say a custom built OS that the employees may not have a prayer of
>understanding? Or does the ISP only allow certain machines in certain
>configurations on their network, thereby solidifying the Microsoft monopoly
>in the name of simplicity? (FWIW, Cox acts dumb when I call with a
>connection problem and tell them I don't have a "Start" button. They refuse
>to provide any support unless I boot into Windoze).
If it's that non-standard (what is a standard? Windows?), the geek at
the residence should have known about his problem before anyone could
call Geeks on Call.
>4) How does the resident shield confidential information from the checkers?
>Think carefully before answering this one. Anyone on this list likely
>could shield it without any problems, but the average user probably could
Use bonded Geeks on Call. Heck, if they just got hacked, most of their
"confidential info" might be in Belarus by now.