Bugtraq mailing list archives

Re: Quarantine your infected users spreading malware


From: "Marcus Aurelius" <aur.marcus () gmail com>
Date: Wed, 22 Feb 2006 11:53:18 +0100

On 20/02/06, Gadi Evron <ge () linuxbox org> wrote:

> Many ISP's who do care about issues such as worms, infected users
> "spreading the love", etc. simply do not have the man-power to handle
> all their infected users' population

By their own choice, might I add.

Consumer-grade ISPs (which is what you are talking about) are forever
trying to lower their subscription costs in order to attract new
users, meaning that they have no choice but to cut operational costs.

The first service to go is invariably the only one that doesn't
generate revenue: the abuse desk.

The end result is a huge botnet running free-wheel with nobody to
clean it up because "Aunty Jane" doesn't know the first thing about
computer security (wossat?) and is going to connect her shiny new
unpatched XP machine to the 'Net without a firewall or an antivirus.

Bang! 15 seconds later her machine is zombified.

> Is it the ISP's place to do this? Should the ISP do this? Does the ISP
> have a right to do this?

The ISP's rights are irrelevant to a certain extent. By that, I mean
that they cease to exist at the point where they start infringing on
the rights of *other* networks.

Furthermore, some networks tend to forget that their use of the
Internet is not a $deity-given right, but a privilege, and that it is
subject to rules both written and unwritten. If a consumer ISP starts
flaunting those rules and starts being a bad netizen (spewing spam and
viruses, allowing infected machines to attempt ssh brute force attacks
etc.) then the rest of the 'Net will shun that ISP, making it
extremely difficult for the shunned ISP to deliver mail outside its
own network or even, in some cases, access *any* port of a foreign
machine.

It is therefore incumbent upon the ISP to "do the necessary" to ensure
that its users have as full an Internet experience as possible and
that they are welcome elsewhere. That means that the ISP *must* police
its network. It isn't the ISP's right to do this, it's the ISP's
*duty*.

> I respect the "don't be the Internet's firewall issue", not only for the
> sake of the cause but also because friends such as Steven Bellovin and
> others believe in them a lot more strongly than I do. Bigger issues such
> as the safety of the Internet exist now. That doesn't mean user rights
> are to be ignored, but certainly so shouldn't ours, especially if these
> are mostly unaffected?

The average "Aunty Jane" user isn't going to be running a mail server
at home and wouldn't even notice if access to port 25 of machines
other than her ISP's mail servers was blocked.

--
MA

