 fantomposter Phantom Poster Premium join:2002-09-21 Independence, OH
| reply to Nightfall Re: FCC
said by Nightfall :
Step 1 - Notify the user via email. Give one week for the computer to be cleaned. Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned. Step 3 - Cut user's internet access and notify user. Until system is cleaned, access will not be reactivated.
An infected machine can send millions of spam messages a day. You are letting the infected user send 14 million+ messages before your plan does anything about it. I think that is totally unacceptable.
Upon receipt of a complaint and verification that the machine is infected, easy to do with a scan, the ISP must immediately stop the flow of spam, period.
And that is easy to do also. A simple outgoing port 25 block at the nearest router for the IP address the infected user is on and the flow of spam stops.
There is no reason for anything more than 3 to 4 day turnaround time on stopping the flow of spam from an infected machine. Anything less is an excuse by the ISP. |
|
  newview Ex .. Ex .. Exactly Premium join:2001-10-01 Parsonsburg, MD
| said by fantomposter : A simple outgoing port 25 block at the nearest router for the IP address the infected user is on and the flow of spam stops.
BINGO
But take it a step further . . . port 25 blocking across the entire network. Stopping the spam abusing the rest of the internet takes precedence over the inconvenience of those who may be legitimately sending email thru servers other than those belonging to their ISP.
Then Comcast can fight it out with zombied customers who continually bang on the door of a closed port without the rest of the internet receiving the garbage. -- The Rules of Spam | Maryland's New Anti-Spam Law Where are we going? And what's with the hand basket? |
|
  JTRockville Data Ho Premium,MVM join:2002-01-28 Rockville, MD clubs: | Does the solution always have to be soooooooo draconian?
AOL has enjoyed much success by blocking port email from the offending IPs.
Why couldn't/doesn't Comcast do this? |
|
  Nightfall My Goal Is To Deny Yours Premium,MVM join:2001-08-03 Grand Rapids, MI
| said by JTRockville : Does the solution always have to be soooooooo draconian?
AOL has enjoyed much success by blocking port email from the offending IPs.
Why couldn't/doesn't Comcast do this?
That is also an option.
Maybe keep these ports open to you initially, but then if your system is compromised, the ports are closed. I think of it like network access. You are given full rights to do what you want. If you prove yourself to be a moron when it comes to security, then you are downgraded. If the ISP downgrades you, then they have to submit a message to the user explaining why and so on.
Obviously, this won't fix the port 80 attacks bouncing off my router because you can't close that port if the user is a moron without shutting down their entire internet access. 
In some cases, it has to be draconian and in other cases it doesn't. If we want to have a system like this, each ISP is going to have to hire experienced network people to be able to determine if these machines have been compromised. There should be a checks and balances system in place so only the users who have compromised machines have their connections turned off or ports closed. There can be no room for error due to the fact that it will take only one user who gets shut down to complain about it and cause a huge stink.
Since experienced network people cost money, and you are going to need a nice group of them to monitor all the systems and look for violations, I don't see it happening.
It would be easier to just cut the connection instead of doing it the right way. -- My Domain Nightfall's Hockey and Life Journal |
|
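The complaint-then-verify idea from the posts above, sketched as an added example (not code from any poster or ISP): a complained-about subscriber IP is only marked for an outbound port 25 block if flow records show it contacting many distinct mail hosts directly. The flow tuple layout, the thresholds, the relay address and the action labels are all assumptions made for this illustration.

```python
from collections import defaultdict

ISP_RELAYS = {"192.0.2.25"}  # assumed address of the ISP's own outbound relay


def sample_flows():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    # Zombie-like host: 60 different mail servers contacted directly in a minute.
    flows = [(1000 + i, "10.0.0.5", f"198.51.100.{i}", 25) for i in range(1, 61)]
    # Heavy sender that only ever uses the ISP relay.
    flows += [(1000 + i, "10.0.0.7", "192.0.2.25", 25) for i in range(200)]
    # Customer legitimately using one third-party mail server.
    flows += [(1005, "10.0.0.9", "203.0.113.8", 25),
              (1010, "10.0.0.9", "203.0.113.8", 587)]
    return flows


def port25_block_candidates(flows, window=600, max_distinct=20, relays=ISP_RELAYS):
    """Source IPs that reached more than max_distinct non-relay hosts on
    tcp/25 inside any single window-second bucket."""
    seen = defaultdict(set)  # (src, bucket) -> distinct destinations
    for ts, src, dst, dport in flows:
        if dport != 25 or dst in relays:
            continue  # submission (587) and relay traffic are not evidence
        seen[(src, ts // window)].add(dst)
    return sorted({src for (src, _), dsts in seen.items()
                   if len(dsts) > max_distinct})


def triage_complaints(complained_ips, flows, **kwargs):
    """Act only on complaints the flow data confirms, so a subscriber who
    merely uses an outside mail server is not cut off by mistake."""
    confirmed = set(port25_block_candidates(flows, **kwargs))
    return {ip: ("block_out_tcp25_and_notify" if ip in confirmed else "no_action")
            for ip in sorted(complained_ips)}


if __name__ == "__main__":
    for ip, action in triage_complaints({"10.0.0.5", "10.0.0.9"},
                                        sample_flows()).items():
        print(ip, action)
```

The block action is scoped to outbound tcp/25 for the one confirmed address, which leaves the subscriber's other traffic and port 587 submission untouched.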
 fantomposter Phantom Poster Premium join:2002-09-21 Independence, OH
| said by Nightfall :
Maybe keep these ports open to you initially, but then if your system is compromised, the ports are closed.
Good idea, but how about the converse? Close them all and open it for anyone that asks. My GUESS, 95 percent of the people would not even notice they were closed. |
|
  JTRockville Data Ho Premium,MVM join:2002-01-28 Rockville, MD clubs:
| reply to Nightfall said by Nightfall : Since experienced network people cost money, and you are going to need a nice group of them to monitor all the systems and look for violations, I don't see it happening.
Does Comcast really think they can provide network services without hiring experienced network people? Weren't the "synergies and efficiencies" of running such a huge network supposed to minimize costs such as these?
If you don't see experienced network people dealing with these issues competently, then you've overlooked AOL (and probably other providers too). |
|
  TheMadSwede Premium join:2001-01-30 Holland, MI
| reply to fantomposter said by fantomposter : said by Nightfall :
Maybe keep these ports open to you initially, but then if your system is compromised, the ports are closed.
Good idea, but how about the converse? Close them all and open it for anyone that asks. My GUESS, 95 percent of the people would not even notice they were closed.
I'm with you 100% on this, but I'm also laughing to myself as I imagine all the glass-is-half-empty posters here on BBR complaining about port 25 being blocked by that darn [insert ISP name here]. We're never happy. -- A good idea expressed in a poor manner is a bad idea. |
|