RE: [Operational] Internet Police

["George Bonser" <gbonser () seven com>]

> From: William McCall 
> Sent: Friday, December 10, 2010 8:45 AM
> To: Lamar Owen
> Cc: nanog () nanog org
> Subject: Re: [Operational] Internet Police


> To the folks out there that presently work for an SP, if someone
> called you (or the relevant department) and gave you a list of
> end-user IPs that were DDoSing this person/entity, how long would you
> take to verify and stop the end user's stream of crap? Furthermore,
> what is the actual incentive to do something about it?

The behavior is no different than a street gang who would attempt to
influence the behavior of a local merchant by threatening damage to the
store.  In the case of internet operations, we seem to tolerate the
behavior or simply assume little can be done so many don't even try. If
an ISP were to actively disconnect clients who were infected with a bot
(intentionally infected or not), the end users themselves might be a
little more vigilant at keeping their systems free of them.  *But* any
ISP doing that would also have to be prepared to invest some effort in
trying to help absolutely clueless people (in many cases) remove these
bots from their systems.  It can quickly become a huge time swamp.