[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Dutch ISPs to collaborate and take responsibility for botted clients

Subject: Dutch ISPs to collaborate and take responsibility for botted clients
From: beckman at angryox.com (Peter Beckman)
Date: Sun, 4 Oct 2009 14:55:24 -0400
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

On Sun, 4 Oct 2009, Owen DeLong wrote:

>>   * Provide a short period of time (3 days) after notification and before
>>     disconnect to give an opportunity to fix the issue without service
>>     interruption
>
> Uh... Here I differ.  The rest of the internet should put up with the abuse
> flowing out of your network for 3 days to avoid disruption to you? Why?
> Sorry, if you have a customer who is sourcing malicious activity, whether
> intentional or by accident, I believe the ISP should take whatever action
> is necessary to stop the outflow of that malicious behavior as quickly
> as possible while simultaneously making all reasonable effort to contact
> the customer in question.

  Yeah, after a few people privately emailed me regarding the same, the
  short period of time should be thrown out, for the good of the rest of the
  'net.

  The "short period" was initially intended for infections that were not
  active or immediately impacting, but were detected to be infected
  none-the-less.  Assuming active "bad behavior" immediate disconnect is
  prudent and wise.

  As our ability to remotely detect virus and trojans improves, I suspect
  such an ISP-provided service would as well.

>>   * Offer a simple, automated way to get the connection re-tested and
>>     unblocked immediately (within 15 minutes) using a web service
>>     accessible even if the connection is blocked
>> 
> Either a web interface or even a telephonic process. It doesn't necessarily
> need to be automated, but, it shouldn't be a 3 day wait for a technician
> to get back to you. It should definitely be a pretty rapid process once
> the abuse is resolved.

  Agreed.  Another emailer mentioned that it's not always simple to
  determine if the abuse is resolved or not, nor is it easy to explain this
  to a non-technical customer in a way that makes them happy with their
  service being cut off.  However it is ignorance and lack of maintenance
  that makes viruses and botnets so prevelant that it may just be time to
  bite the bullet and force users to learn how to maintain their machines.

>>   * Force the customer to call customer service to ask for a retest or
>>     reconnect
> I don't really see a problem with this, so long as customer service is
> responsive to such a call.

  I like self-service.  If it is 3am and staff is not available, making the
  process automated would be ideal.  If the staff is 24/7, agreed.

Beckman
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman at angryox.com                                 http://www.angryox.com/
---------------------------------------------------------------------------

Follow-Ups:
- Dutch ISPs to collaborate and take responsibility for botted clients
  - From: morrowc.lists at gmail.com (Christopher Morrow)

References:
- Dutch ISPs to collaborate and take responsibility for botted clients
  - From: ge at linuxbox.org (Gadi Evron)
- Dutch ISPs to collaborate and take responsibility for botted clients
  - From: beckman at angryox.com (Peter Beckman)
- Dutch ISPs to collaborate and take responsibility for botted clients
  - From: owen at delong.com (Owen DeLong)

Prev by Date: Minimum IPv6 size
Next by Date: OT: iPhone Problems
Previous by thread: Dutch ISPs to collaborate and take responsibility for bottedclients
Next by thread: Dutch ISPs to collaborate and take responsibility for botted clients
Index(es):
- Date
- Thread