nanog mailing list archives

Re: Nato warns of strike against cyber attackers

From: Owen DeLong <owen () delong com>
Date: Tue, 8 Jun 2010 21:29:51 -0500



Sent from my iPad

On Jun 8, 2010, at 3:30 PM, Brielle Bruns <bruns () 2mbit com> wrote:

On 6/8/10 2:12 PM, Dave Rand wrote:

It's really way, way past time for us to actually deal with compromised
computers on our networks.  Abuse desks need to have the power to filter
customers immediately on notification of activity.  We need to have tools to
help us identify compromised customers.  We need to have policies that
actually work to help notify the customers when they are compromised.

None of this needs to be done for free.  There needs to be a "security
fee" charged _all_ customers, which would fund the abuse desk.

With more than 100,000,000 compromised computers out there, it's really
time for us to step up to the plate, and make this happen.



Problem is, there's no financial penalties for providers who ignore abuse coming from their network.

Problem is there's no financial liability for producing massively exploitable software.
No financial penalty for operating a compromised system.
No penalty for ignoring abuse complaints.
Etc.

Imagine how fast things would change in Redmond if Micr0$0ft had to pay the cleanup costs for each and every infected 
system and any damage said infected system did prior to the owner/operator becoming aware of the infection.

DNSbl lists work only because after a while, providers can't ignore their customer complaints and exodus when they 
dig deep into the bottom line.

We've got several large scale IP blocks in place in the AHBL due to this exact problem - providers know there's abuse 
going on, they won't terminate the customers or deal with it, because they are more then happy to take money.

Legit customers get caught in the cross-fire, and they suffer - but at the same time, those legit customers are the 
only ones that will be able to force a change on said provider.

They contact us, and act all innocent, and tell people we're being unreasonable, neglecting to tell people at the 
same time that the 'unreasonable' DNSbl maintainer only wants for them to do a simple task that thousands of other 
providers and administrators have done before.

-- 
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org

Current thread:

Re: Nato warns of strike against cyber attackers, (continued)
- - - Re: Nato warns of strike against cyber attackers Barry Shein (Jun 09)
    - Re: Nato warns of strike against cyber attackers Henry Yen (Jun 10)
    - Re: Nato warns of strike against cyber attackers Larry Sheldon (Jun 10)
    - Re: Nato warns of strike against cyber attackers Chris Adams (Jun 09)
    - Re: Nato warns of strike against cyber attackers Larry Sheldon (Jun 09)
    - Re: Nato warns of strike against cyber attackers JC Dill (Jun 09)
  - Re: Nato warns of strike against cyber attackers Brielle Bruns (Jun 08)
    - Re: Nato warns of strike against cyber attackers J. Oquendo (Jun 08)
    - Re: Nato warns of strike against cyber attackers Larry Sheldon (Jun 08)
    - Re: Nato warns of strike against cyber attackers Paul Ferguson (Jun 08)
    - Re: Nato warns of strike against cyber attackers Owen DeLong (Jun 08)
    - Re: Nato warns of strike against cyber attackers Larry Sheldon (Jun 08)
    - Re: Nato warns of strike against cyber attackers Owen DeLong (Jun 08)
    - Re: Nato warns of strike against cyber attackers Joe Greco (Jun 09)
    - Re: Nato warns of strike against cyber attackers Gregory Edigarov (Jun 09)
    - Re: Nato warns of strike against cyber attackers Owen DeLong (Jun 09)
    - Re: Nato warns of strike against cyber attackers Joe Greco (Jun 09)
    - Re: Nato warns of strike against cyber attackers Larry Sheldon (Jun 09)
    - Re: Nato warns of strike against cyber attackers Alexander Harrowell (Jun 10)
    - Re: Nato warns of strike against cyber attackers Steven Bellovin (Jun 08)
    - Re: Nato warns of strike against cyber attackers Patrick W. Gilmore (Jun 08)

(Thread continues...)