Dutch ISPs to collaborate and take responsibility
Lee wrote:
> If an ISP is involved with tracking down DDOS participants or
> something, I can understand how they'd know a system was compromised.
> But any kind of blocking because the ISP sees 'anomalous' traffic
> seems .. premature at best. SANS newsbites has this bit:
> On Thursday, October 8, Comcast began testing a service that alerts its
> broadband subscribers with pop-ups if their computers appear to be
> infected with malware. Among the indicative behaviors that trigger
> alerts are spikes in overnight traffic, suggesting the machine has been
> compromised and is being used to send spam.
>
> When my son comes home from college, there's a huge spike in overnight
> traffic from my house. With all the people advocating immediate
> blocking of pwned systems in this thread, I'm wondering what their
> criteria are for deciding that the system is compromised & should be
> blocked.
>
> Lee
Some info. here (from http://networkmanagement.comcast.net/ ):
5. Detection of Bots
http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03
http://tools.ietf.org/html/draft-livingood-web-notification-00