nanog mailing list archives
Re: botnets: web servers, end-systems and Vint Cerf
From: Sean Donelan <sean () donelan com>
Date: Fri, 16 Feb 2007 22:55:51 -0500 (EST)
On Fri, 16 Feb 2007, Eric Gauthier wrote:
I run the network for a University with about 12,000 students and 12,000 computers in our dormitories. We, like many other Universities, have spent the last five or six years putting systems in place that are both reactive and preventative. From my perspective, the issues are still there but I'm not sure that I agree with your implications. Do we still have "compromised" systems? Yes. Is the number of "compromosed" systems at any time large? No. Is the situation out of control? No. Email me off-list if you want more details. IMHO, Its too bad broadband providers have not yet picked up on what the Universities have done.
Why do you claim broadband providers haven't picked up on what universities have done?
Couldn't broadband providers say the same thing > Do we still have "compromised" systems? Yes. > Is the number of "compromosed" systems at any time large? No. > Is the situation out of control? No.If you compare infection rates of a broadband provider with 10 million subscribers, which probably translates to at least 30 million devices with NAT, WiFi and mobile devices; would its infection rate be significantly different from a university with 12,000 students with 1 computer each?
If your university's upstream ISP implemented a policy of cutting off theuniversity's Internet connection anytime a device in the university network was compromised; how many hours a year would the university
be down? What if the university's ISP had a three-strikes policy, would the university have used up all of its three-strikes? What proof should the univeristy's upstream ISP accept the problem is corrected?Is there some infection rate of university networks that upstream ISPs should accept as "normal?" Or should ISPs have a zero-tolorance policy
for universities becoming infected repeatedly?How is the "acceptable" infection rate for universities different than the infection rate of other types of networks?
Current thread:
- Re: botnets: web servers, end-systems and Vint Cerf, (continued)
- Re: botnets: web servers, end-systems and Vint Cerf Valdis . Kletnieks (Feb 15)
- Re: botnets: web servers, end-systems and Vint Cerf Sean Donelan (Feb 16)
- Re: botnets: web servers, end-systems and Vint Cerf Valdis . Kletnieks (Feb 16)
- Re: botnets: web servers, end-systems and Vint Cerf Sean Donelan (Feb 16)
- Re: botnets: web servers, end-systems and Vint Cerf Eric Gauthier (Feb 16)
- Re: botnets: web servers, end-systems and Vint Cerf Gadi Evron (Feb 16)
- Re: botnets: web servers, end-systems and Vint Cerf Eric Gauthier (Feb 26)
- Re: botnets: web servers, end-systems and Vint Cerf Sean Donelan (Feb 27)
- resnets and naming (was: Re: botnets: web servers, end-systems and Vint Cerf) Steven Champeon (Feb 16)
- Re: resnets and naming Scott McGrath (Feb 16)
- Re: botnets: web servers, end-systems and Vint Cerf Sean Donelan (Feb 16)
- Re: RBL for bots? J. Oquendo (Feb 16)