Re: Death of the Internet, Film at 11

[Mark Andrews <marka () isc org>]

In message <CAC6=tfYKBWBXMFHJo617q_qOMuOjEtoTDGK2pepfrMw3CybFuw () mail gmail com>
, Josh Reynolds writes:
> And then what?

They get in someone to clean up their network.  When they say it
is clean you reconnect them.  If this happens more often than once
a year you charge them a months fees per additional incident.  Have
the year timer start when reconnect is requested.  You give them
what data you have to backup the claim.

> The labor to clean up this mess is not free. Who's
> responsibility is it? The grandma who got a webcam for Christmas to watch
> the squirrels? The ISP?... No... The vendor? What if the vendor had
> released a patch to fix the issue months back, and grandma hadn't installed
> it?
>
> Making grandma and auntie Em responsible for the IT things in their house
> is likely not going to go well.
 
> Making the vendor responsible might work for the reputable ones to a point,
> but won't work for the fly by night shops that will sell the same products
> under different company names and model names until they get sued or "one
> starred" into oblivion. Then they just change names and start all over.
>
> The ISPs won't do it because of the cost to fix... The labor and potential
> loss of customers.
>
> So once identified, how do you suggest this gets fixed?
>
> On Oct 22, 2016 5:11 PM, "Mark Andrews" <marka () isc org> wrote:
>
>
> One way to deal with this would be for ISP's to purchase DoS attacks
> against their own servers (not necessarially hosted on your own
> network) then look at which connections from their network attacking
> these machines then quarantine these connections after a delay
> period so that attacks can't be corollated with quarantine actions
> easily.
>
> This doesn't require a ISP to attempt to break into a customers
> machine to identify them.  It may take several runs to identify
> most of the connections associated with a DoS provider.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka () isc org
>
> --94eb2c030b6c594dc5053f7b994f
> Content-Type: text/html; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
>
> <p dir=3D"ltr">And then what? The labor to clean up this mess is not free. =
> Who&#39;s responsibility is it? The grandma who got a webcam for Christmas =
> to watch the squirrels? The ISP?... No... The vendor? What if the vendor ha=
> d released a patch to fix the issue months back, and grandma hadn&#39;t ins=
> talled it?</p>
> <p dir=3D"ltr">Making grandma and auntie Em responsible for the IT things i=
> n their house is likely not going to go well.</p>
> <p dir=3D"ltr">Making the vendor responsible might work for the reputable o=
> nes to a point, but won&#39;t work for the fly by night shops that will sel=
> l the same products under different company names and model names until the=
> y get sued or &quot;one starred&quot; into oblivion. Then they just change =
> names and start all over.</p>
> <p dir=3D"ltr">The ISPs won&#39;t do it because of the cost to fix... The l=
> abor and potential loss of customers.</p>
> <p dir=3D"ltr">So once identified, how do you suggest this gets fixed?</p>
> <div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Oct 22, 2016 5=
> :11 PM, &quot;Mark Andrews&quot; &lt;<a href=3D"mailto:marka () isc org">marka=
> @isc.org</a>&gt; wrote:<br type=3D"attribution"><blockquote class=3D"quote"=
>  style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><b=
> r>
> One way to deal with this would be for ISP&#39;s to purchase DoS attacks<br=
> >
> against their own servers (not necessarially hosted on your own<br>
> network) then look at which connections from their network attacking<br>
> these machines then quarantine these connections after a delay<br>
> period so that attacks can&#39;t be corollated with quarantine actions<br>
> easily.<br>
> <br>
> This doesn&#39;t require a ISP to attempt to break into a customers<br>
> machine to identify them.=C2=A0 It may take several runs to identify<br>
> most of the connections associated with a DoS provider.<br>
> <font color=3D"#888888"><br>
> --<br>
> Mark Andrews, ISC<br>
> 1 Seymour St., Dundas Valley, NSW 2117, Australia<br>
> PHONE: <a href=3D"tel:%2B61%202%209871%204742" value=3D"+61298714742">+61 2=
>  9871 4742</a>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
> =A0INTERNET: <a href=3D"mailto:marka () isc org">marka () isc org</a><br>
> </font></blockquote></div><br></div>
>
> --94eb2c030b6c594dc5053f7b994f--
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org