Re: Dutch ISPs to collaborate and take responsibility for botted clients

[Peter Beckman <beckman () angryox com>]

On Sun, 4 Oct 2009, Owen DeLong wrote:

> >   * Provide a short period of time (3 days) after notification and before
> >     disconnect to give an opportunity to fix the issue without service
> >     interruption
>
> Uh... Here I differ.  The rest of the internet should put up with the abuse
> flowing out of your network for 3 days to avoid disruption to you? Why?
> Sorry, if you have a customer who is sourcing malicious activity, whether
> intentional or by accident, I believe the ISP should take whatever action
> is necessary to stop the outflow of that malicious behavior as quickly
> as possible while simultaneously making all reasonable effort to contact
> the customer in question.

 Yeah, after a few people privately emailed me regarding the same, the
 short period of time should be thrown out, for the good of the rest of the
 'net.

 The "short period" was initially intended for infections that were not
 active or immediately impacting, but were detected to be infected
 none-the-less.  Assuming active "bad behavior" immediate disconnect is
 prudent and wise.

 As our ability to remotely detect virus and trojans improves, I suspect
 such an ISP-provided service would as well.

> >   * Offer a simple, automated way to get the connection re-tested and
> >     unblocked immediately (within 15 minutes) using a web service
> >     accessible even if the connection is blocked
> Either a web interface or even a telephonic process. It doesn't necessarily
> need to be automated, but, it shouldn't be a 3 day wait for a technician
> to get back to you. It should definitely be a pretty rapid process once
> the abuse is resolved.

 Agreed.  Another emailer mentioned that it's not always simple to
 determine if the abuse is resolved or not, nor is it easy to explain this
 to a non-technical customer in a way that makes them happy with their
 service being cut off.  However it is ignorance and lack of maintenance
 that makes viruses and botnets so prevelant that it may just be time to
 bite the bullet and force users to learn how to maintain their machines.

> >   * Force the customer to call customer service to ask for a retest or
> >     reconnect
> I don't really see a problem with this, so long as customer service is
> responsive to such a call.

 I like self-service.  If it is 3am and staff is not available, making the
 process automated would be ideal.  If the staff is 24/7, agreed.

Beckman
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman () angryox com                                 http://www.angryox.com/
---------------------------------------------------------------------------