nanog mailing list archives
Re: ISPs' willingness to take action
From: "Alan Spicer" <a_spicer () bellsouth net>
Date: Mon, 27 Oct 2003 15:37:03 -0500
----- Original Message ----- From: "Eric Kuhnke" <eric () fnordsystems com> To: <nanog () merit edu> Sent: Monday, October 27, 2003 8:40 AM Subject: RE: ISPs' willingness to take action
This is definitely a business opportunity for any ISPs that wish to take advantage of it... Hire clueful abuse desk people, set up a good IDS, run spamassassin on your mail servers, and offer free antivirus software to
the
broadband connected bare win32 PCs. I am sure midsize ISP marketing departments will be able to brand this with a slick name and print
brochure
or TV commercial.
* But customers of broadband ISP aren't going to want to pay more than $40 a month for any such thing you add, and just how clueful do you want help desk people (I don't think you meant abuse desk ... there probably isn't even one) ? $20 an hour? $26 an hour? That isn't gonna happen. And the PRINT and Commercials cost money as well. Which is fine for signing up new customers ... and there is always that customer churn. You can say you raised the bill because you added IDS, and Spamware, and Virusware, and because they get free AV and Firewall software ... and the majority of customers are going to have a fit. They think the whole thing is the responsibility of the ISP at the current rate (or even cheaper!). "You let that virus come into my computer" ... "It came over YOUR network!!!!".
"Tired of spam and junk on the internet? Sick of Pop-ups? Worried about the spread of worms and viruses? We're better than the competition, and here's why...!"
* Because we're more expensive ;-)
We implemented an IDS system. The ROI comes from the inbound attacks being detected/prevented/shunned. But it's also listening to the outbound stuff, so when we see that a customer has the flavor of the week, we cut him off, give him a call and some friendly advice, and everyone's happy. When we see IRC joins and port scans from a customer server, we give him a call, advise him that he's been rooted, and offer to assist in his recovery (can you say business opportunity, folks?). Blocking ports is fine as long as you let people know what you're blocking and why, offer alternative solutions and offer to unblock if it's an absolute requirement. Often, once properly educated about the risks, a lesser experienced admin will be excited about the opportunity to do it the more secure way, and will begin preparations, so I've found the "unblock" is usually temporary.
* I love that wishful thinking. But I kept seeing the same experienced admins (or so they said) with the same spam complaints, pointing at their IP Address (even after it was changed). And home users who said they got rid of the virus but it was still there pumping away just like before you called them. We had some users that were happy we had cut them off, and told them that they had a problem (virus or otherwise). --- Alan Spicer (a_spicerNOSPAM () bellsouth net) http://aspicer.homelinux.net/ http://telecom.dyndns.biz/ Systems and Network Administration, and Telecommunications
Current thread:
- Re: ISPs' willingness to take action [OT USPS], (continued)
- Re: ISPs' willingness to take action [OT USPS] Henry Linneweh (Oct 27)
- Re: ISPs' willingness to take action Jonathan Hunter (Oct 27)
- Re: ISPs' willingness to take action Rachael Treu (Oct 27)
- RE: ISPs' willingness to take action Adam Hall (Oct 26)
- RE: ISPs' willingness to take action Charles Sprickman (Oct 26)
- Re: ISPs' willingness to take action matt (Oct 27)
- RE: ISPs' willingness to take action Charles Sprickman (Oct 26)
- Re: ISPs' willingness to take action Stewart, William C (Bill), RTSLS (Oct 26)
- Re: ISPs' willingness to take action Niels Bakker (Oct 27)
- RE: ISPs' willingness to take action Bob German (Oct 27)
- RE: ISPs' willingness to take action Eric Kuhnke (Oct 27)
- Re: ISPs' willingness to take action Alan Spicer (Oct 27)
- Re: ISPs' willingness to take action kenw (Oct 27)
- Re: ISPs' willingness to take action Matthew Sullivan (Oct 27)
- Re: ISPs' willingness to take action E.B. Dreger (Oct 27)
- Re: ISPs' willingness to take action Christopher L. Morrow (Oct 27)
- RE: ISPs' willingness to take action John Ferriby (Oct 27)
- Re: ISPs' willingness to take action kenw (Oct 27)
- Re: ISPs' willingness to take action Richard Irving (Oct 27)
- Re: ISPs' willingness to take action Christopher L. Morrow (Oct 27)
- Re: ISPs' willingness to take action William Devine, II (Oct 27)
- Re: ISPs' willingness to take action Brian Bruns (Oct 27)