ietf-asrg

Re: [Asrg] SPF is only useful to dupe the ignorant...]

2004-09-12 07:55:38
At 4:15 PM +1000 9/12/04, Laird Breyer imposed structure on a stream of electrons, yielding:
[...]
So the important question is probably: will comprehensive ISP
countermeasures be more expensive than the zombie attacks? I have no
idea, but if it's the case, then ISPs will simply learn to live with
the problem, rendering the particular reputation/whitelisting
solutions ineffective as a global force.

The expense of tolerating zombies is already having some interesting and useful spikes. I am aware of significant corporate networks which have taken the approach of shunning major consumer ISP's by ASN (i.e. all traffic from all sources on the ISP's network) as a result of the mismanagement of those networks. In at least one case, employees using those providers are being told quite bluntly the reason for the shunning and that there will be no work-around offered to allow them to email between work and home or establish VPN links.

It should not take many cases of an ISP being unacceptable to people with jobs at Company X before they are effectively unacceptable to people with jobs. That's a bad business position for the ISP.

 >You are the ISP CEO. Your mission, should you choose to accept it, is
 >to close down 25,000 user accounts for the crime of spamming, while
 >keeping your shareholders happy.

 The entire ISP network unable to talk to significant parts of the
 Internet in any way at all because of the problem machines, or an
 outbound mail server that can't function because of the load or can't
 get anyone to accept its mail because it mostly sends spam are all
 worse than dropping half of the customers into a network jail where
 they can't talk to anything (even the ISP's mail servers) other than
 a single webserver that offers them no alternatives other than the
 tools to clean their machines.

Interesting idea. You want to set up an automated forced update system
for customers.

Minor correction: I *want* those people with a proven record of infection to be cut off from the net completely and not allowed back on by any provider allowing anything more dangerous than WebTV. However, I am *aware of* providers choosing to continue their pattern of taking the risk of retaining dangerously negligent customers by devising cheap ways to provide support in isolating and fixing their systems. This is suboptimal, but it is better than the excuse I've heard straight from policy-makers at a couple of large monopolist-owned ISP's, essentially that they are not willing to fund their help desks adequately to allow them to take a phone call from every customer they can positively detect to be zombied.

 Presumably, the ISP will pay a yearly fee to the
anti-virus companies to be able to distribute their cleaning software
free of charge to the customers.

Knoppix is free :)

On a more serious note, that presumption speaks to the past, not the future. SBC is already giving out McAfee virus software and I would be surprised if they are not paying for it or if their competitors are not doing the same. Besides that, there are free options for cleaning an infected system.

I think the complexity of this solution for the ISP is good, because
they only have to handle a few operating system variations, and the
customers hitting each web page are self selecting.

They only need to handle Windows users for this. Even if there were accurately measurable compromise rates for any other systems on consumer-grade connections, in absolute numbers those users are easily sacrificed.

What's the typical delay time between virus discovery and fix, for
major anti-virus companies? That's at least the downtime you'll impose
on each customer, and may be an Achilles heel (e.g. Microsoft delay
between patches etc). This could do with some discussion.

 Step one is to mature in their understanding of their business. A
 lot of non-ISP's operate networks connected to the Internet that
 generate zero spam. A lot of ISP's who serve markets other than
 consumer residential access manage it as well. There are some
 consumer ISP's managing it. Even AOL comes very close.

The whole issue with spam is scale. If spam only affected a few
thousand machines on the internet, virtually any solution would work.
But large consumer ISPs exist because it makes financial sense to offer
cheap access to hordes of people.

That's a statement of blind faith in the perfect efficiency of the market which is not supported by facts or reason. The ISP industry is not now and never has been mature, stable, or anywhere close to any sort of equilibrium point.

Look at the financial history of the ISP industry and you will see a very different reality. Cheap, fast, widely available Internet access is the product of charlatans and fools who created, built, and funded a lot of catastrophically uneconomic businesses over the past decade. Those businesses have momentum of their own driven by the impossible dreams and equity investments of fools and the desire of the charlatans to ride those dreams and funds as long as they last. It is no accident that today there is no major ISP in the US which is not either perennially unprofitable and surviving on good money thrown after bad or sustained by its owners' other profitable enterprises or both. There are no major free-standing ISP's which are not grotesque business failures. The continued existence of cheap access is part of a larger strategy by companies whose main businesses are regulated traditional monopolies now facing slightly increased competition to tie services in ways that discourage customers from switching providers of the profitable base service. If you run down the list of problem access providers in the US, you will find almost exclusively ILEC's and cable operators.

So the fact that some network operators
manage to be clean when offering (presumably) expensive service to a
small userbase isn't helpful unless their methods scale.

Their methods only scale when all the competitors are seeking to make a profit strictly from Internet access. As long as competitors are willing to lose money on providing the cheapest possible Internet access, quality providers will remain niche providers.

AOL however is
a good case study.

 >So we might soon see large ISPs which 1) acknowledge that a sizeable
 >fraction of their customers spam unwittingly, and 2) say: so what?

 That's the current situation. It cannot last without all those
 adult-run networks increasingly deciding that accepting any traffic
 other than HTTP requests from mismanaged networks is more trouble
 than it is worth.

I don't know. Email is a killer app, the major reason why people get
an internet account. Dropping email and only offering web browsing is only
a temporary fix, and even webmail is dependent on mail protocols somewhere
along the way. So I'm not sure what this reduction of services would
accomplish for this ISP, over time.

You misunderstood me. I'm not talking about ISP's changing what they offer their customers, but about non-ISP's shunning all or nearly all traffic from the vast wasteland of consumer broadband. It is perfectly feasible and is being done now. In the long run as that is done more, it does damage to the value a shunned ISP can offer customers. The market will approach equilibrium over time, and it may do so by the rest of the net removing value from cheaply-offered access.

--
Bill Cole
bill(_at_)scconsult(_dot_)com


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg