[Dshield] Possible solution for ISP (was DShield's public goals)

Tom dshield at oitc.com
Tue Jan 17 20:30:44 GMT 2006


At 8:55 AM -0500 1/17/06, Anonymous Squirrel wrote:
>I haven't seen this typical scenario discussed: A residential connection to
>a home network, with a few "always on" computers, and a few visitors that
>appear for a few weeks and drop off the network (say college kids home for
>holidays).  A problem pops up and the residential connection.
>
>Questions:
>
>1) Does the ISP blacklist the entire connection, even if the problem
>computer is no longer at the residence?

Depends on the magnitude of the infraction and their TOS but I would 
figure you could easily port block all outbounds except 80 and 25 (to 
ISP's mailserver only) without them ever knowing and limit any "damage".

>2) Do *all* computers at that connection have to be checked by a certified
>checker (e.g. Geeks on Call)?  How does the ISP know how many should be
>cleaned?  If one is cleaned, are all deemed cleaned?  (for bonus points,
>after a residential user pays to have several computers checked, and all are
>found to be clean, how long does the ISP keep the customer?)

Give them free AV and rootkit hunters to run. That's what AOL did 
because it's cheaper in the long run. Geeks on Call can then be called 
by the residence if anything is found and they can contact ISP to 
remove the port block.

>3) How does the ISP's contracted checker deal with non-standard machines,
>say a custom built OS that the employees may not have a prayer of
>understanding?  Or does the ISP only allow certain machines in certain
>configurations on their network, thereby solidifying the Microsoft monopoly
>in the name of simplicity? (FWIW, Cox acts dumb when I call with a
>connection problem and tell them I don't have a "Start" button.  They refuse
>to provide any support unless I boot into Windoze).

If it's that non-standard (what is a standard? windows?) the geek at 
the residence should have known about his problem before anyone could 
call Geeks on Call.

>4) How does the resident shield confidential information from the checkers?
>Think carefully before answering this one.  Anyone on this list likely
>could shield it without any problems, but the average user probably could
>not.

Use bonded Geeks on Call. Heck, if they just got hacked, most of their 
"confidential info" might be in Belarus by now.

Tom


