Re: [Operational] Internet Police

[Paul Graydon <paul () paulgraydon co uk>]

On 12/10/2010 07:45 AM, George Bonser wrote:
> > From: William McCall
> > Sent: Friday, December 10, 2010 8:45 AM
> > To: Lamar Owen
> > Cc: nanog () nanog org
> > Subject: Re: [Operational] Internet Police
>
> > To the folks out there that presently work for an SP, if someone
> > called you (or the relevant department) and gave you a list of
> > end-user IPs that were DDoSing this person/entity, how long would you
> > take to verify and stop the end user's stream of crap? Furthermore,
> > what is the actual incentive to do something about it?
> The behavior is no different than a street gang who would attempt to
> influence the behavior of a local merchant by threatening damage to the
> store.  In the case of internet operations, we seem to tolerate the
> behavior or simply assume little can be done so many don't even try. If
> an ISP were to actively disconnect clients who were infected with a bot
> (intentionally infected or not), the end users themselves might be a
> little more vigilant at keeping their systems free of them.  *But* any
> ISP doing that would also have to be prepared to invest some effort in
> trying to help absolutely clueless people (in many cases) remove these
> bots from their systems.  It can quickly become a huge time swamp.
Not to mention the risk of lost business for customers that just can't 
be bothered to fix broken machines.

Paul