Re: ISP's regulating criminals

[Paul Wouters <paul () xelerance com>]

On Tue, 7 Dec 2004 robert () dyadsecurity com wrote:

> > ], ISPs should be required to better detect when zombie computers
> > [that enable spam and phishing attacks] are sitting on their networks.
> > I know that ISPs are considered a "Publisher" under certain laws. It
> > does not, however, mean that they have to be stupid and let their
> > storage and bandwidth be used by criminals.

While I believe it is good for the ISP to do so on its own network, it is
a bad idea to keep large centralised lists, that as you point out, are
easilly manipulated with IP spoofing.

But an ISP can be pretty sure nothing gets spoofed on its own network
that it won't recognise.

XS4ALL, the oldest Dutch ISP that came out of the hacking scene has a very
good policy. When they detect a computer has gone zombie, usually by the amount
of spam bounces and/or complains, they just block port 80 of that machine
until its owner calls the helpdesk. It means that important things like email
or ssh keeps working, just their browsing stops working. Once you have
cleaned your system,

Now what really worries me is the EU data retention plans that will be
discussed on december 13th. 41 Dutch ISP's wrote a letter to our minister
of justice (who deals with telecom security apparently) to say this was not
very feasable, and his answer was that protesting is useless, because these
are 'european matters, not national ones'.....

I will leave it to the reader to calculate the amount of harddisks needed
to comply to store all data for 6 months......

Over this matter, the of the big ISPs (again including XS4ALL) have left
the Dutch branche organisation for ISPs.

Paul
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave