Botnet Networking Security The Internet IT

Naming and Shaming "Bad" ISPs

An anonymous reader writes "Brian Krebs takes a provocative look at ISP reputations, collecting data from 10 different sources that track 'badness' from a multitude of angles, from phishing to malware to botnet command and control centers. Some of the lists show very interesting and useful results; the ISPs that are most common among the various reputation services are some of the largest ISPs and hosting providers, including ThePlanet and Softlayer. The story has generated quite a bit of discussion in the security community as to whether these various efforts are measuring the wrong things, or if it is indeed valid and useful to keep public attention focused on the bigger providers, since these are generally US-based and have the largest abuse problems in terms of overall numbers."
  • by jeffmeden ( 135043 ) on Saturday March 20, 2010 @10:05AM (#31549234) Homepage Journal

    These measurements might not be 100% accurate at identifying the root of each of the problem areas, but when an ISP is on all but one of the top ten lists, you have to start wondering what they are doing wrong. ThePlanet.com, what gives? Too many undereducated customers running infected servers? No top level detection and deactivation process in place? Seems like there are a lot of things missing.

  • Re:New Jersey (Score:5, Insightful)

    by agoliveira ( 188870 ) <.ten.noslida. .ta. .noslida.> on Saturday March 20, 2010 @10:15AM (#31549302)

    Please. If you are a big company you need to be prepared to deal with larger portions of the same: good tools, good (and bigger) staff, a specialized security/response team. It's like any other company: one can't expect to run a large company with the same resources used in a small one.

  • Laughable (Score:4, Insightful)

    by Threni ( 635302 ) on Saturday March 20, 2010 @10:20AM (#31549328)

    Why would anyone (home user/corporate etc) care about any of that? It doesn't make their network/access any less safe. People go for cost, then performance. If I can get a good deal from an ISP, why do I care about how many fellow customers are incapable of managing their systems?

  • Re:New Jersey (Score:3, Insightful)

    by sopssa ( 1498795 ) <sopssa@email.com> on Saturday March 20, 2010 @10:21AM (#31549336) Journal

    I'm fairly certain that they have specialized security/response teams. The difference between small and big companies is that the big ones are known by everyone. Even if they have a prompt response team they can't pre-screen servers, and even snooping around in them would be illegal. Obviously the huge companies will be better known to everyone and hence get more customers, good and bad.

  • by agoliveira ( 188870 ) <.ten.noslida. .ta. .noslida.> on Saturday March 20, 2010 @10:43AM (#31549454)

    By your logic, I could accept money from drug dealers as well, "cuz, ya know, without customers that pay money, companies go out of business". If they are accepting money from spammers and malware dealers, they are liable as well. I could press civil and criminal charges or I can just block their traffic completely (which I've done, BTW). Then I turn from a "whining bitch" to a royal PITA. Thankfully, the Internet is still free around here.

  • by Anonymous Coward on Saturday March 20, 2010 @10:47AM (#31549482)

    So as by far the biggest abuse problems (botnets, spam, ...) have been coming out of the USA for many years, maybe it is time for other countries to blackhole USA-based addresses. Just stop routing their packets until they become good net citizens.

    I don't know how many reports I have seen pointing to the USA as the biggest spam source. It's time to do something about it. Only if there are some consequences will they ever change their behaviour.

  • by wowbagger ( 69688 ) on Saturday March 20, 2010 @10:48AM (#31549486) Homepage Journal

    The big hosting providers ALL have the same attitude when you contact them about abuse:

    "WE aren't doing this, that is one of the customers of one of our resellers, we won't do anything, talk to the reseller."

    Of course, the reseller says "Screw you, they are paying us good money and you aren't."

    Softlayer is a VERY good example of this: a Softlayer hosted site has repeatedly been spamming the Wine Developers mailing list for their crap. I have personally emailed Softlayer about it on more than 10 separate occasions, and have heard ZERO back from them. They don't care (even though their site claims they are aggressively anti-spam - BULLSHIT! words are cheap, actions are not, and Softlayer HASN'T ACTED!)

    The spam problem isn't complicated to solve, it is actually pretty simple to solve (though not EASY to solve!) - just follow the "shit flows downstream" principle. If a host is doing bad things, look up who owns the network they are on, and MAKE IT THAT ENTITY'S PROBLEM to solve it. However the problem is solved - be it "Hey, your server's infected" "OOPS fixed now sorry!", be it "We have blocked outgoing connections from your system until you fix it.", be it "Boss axed me an' Nunzio to has a talk wit ju about youses' server...." - doesn't matter as long as the problem gets solved. If it DOESN'T get solved, then the network owner becomes the problem entity, and you move to their hosts.

    The only hard part is bringing some form of negative consequences to bear upon the network owners - you either need a law (and then you have a hard time dealing with systems outside your law's reach - all you can do is place the problem on the point of demarcation to your jurisdiction), or you need something with a wider reach, like publicity.

    (and to all you morons about to copy and paste the "spam solutions form" - that meme is old enough to drink and vote, let it die already, OK?)

  • Re:Laughable (Score:5, Insightful)

    by Antique Geekmeister ( 740220 ) on Saturday March 20, 2010 @10:48AM (#31549488)

    Because it does make your network less safe. Having the script kiddies, the spammers, and the harvesters active on your subnet exposes you much more directly to their abuses, and to the likelihood that your logs will be cluttered with the attacks from their servers. It also gets _you_ added to email blacklists and routing table blackholes, because your customers may be tired of the abuse from your network and find it far simpler to simply block you.

    The expense of a more reliable and secure server is an issue. But there's nothing like the self-righteous DDOS attacks that have occurred against networks that serve abusers to clutter the traffic of even innocent clients: it imperils the service for legitimate, paying customers. Cases like "agis.net", who hosted the Cyberpromo spammers before a DDOS against them finally got them to take action, make a fascinating study in the risks of hosting abusers. Conversely, xinnet.com in China is happy to host spammers: with the size of their service and the limited choices available to consumers in China, they're effectively immune from prosecution or attack.

  • Re:New Jersey (Score:3, Insightful)

    by FlyingGuy ( 989135 ) <flyingguy&gmail,com> on Saturday March 20, 2010 @10:51AM (#31549512)

    And yet you still expect them to sell you hosting for 19.95 a month, provide you with basically unlimited bandwidth, unlimited storage, do not even THINK about deep packet inspection or traffic shaping and let you do most anything you want to do!

    Sorry but your comment is laughable man. The old saying of, "Speed, Quality, Price" Choose 2 still applies.
