Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Botnet Networking Security The Internet IT

Naming and Shaming "Bad" ISPs 79

Posted by Soulskill from the gettin'-called-out dept.
An anonymous reader writes "Brian Krebs takes a provocative look at ISP reputations, collecting data from 10 different sources that track 'badness' from a multitude of angles, from phishing to malware to botnet command and control centers. Some of the lists show very interesting and useful results; the ISPs that are most common among the various reputation services are some of the largest ISPs and hosting providers, including ThePlanet and Softlayer. The story has generated quite a bit of discussion in the security community as to whether these various efforts are measuring the wrong things, or if it is indeed valid and useful to keep public attention focused on the bigger providers, since these are generally US-based and have the largest abuse problems in terms of overall numbers."
This discussion has been archived. No new comments can be posted.

Naming and Shaming "Bad" ISPs More

Naming and Shaming "Bad" ISPs

Comments Filter:

  • I think it'a about the same all over (Score:5, Interesting)

    by agoliveira ( 188870 ) <adilson@adilson. ... t minus math_god> on Saturday March 20, 2010 @10:06AM (#31549246)

    One of the largest ISPs in Brazil, Locaweb, is the main source of spam and malware I get and it's not only about numbers. They just ignore every single complain I've done.

  • ThePlanet (Score:5, Interesting)

    by Manip ( 656104 ) on Saturday March 20, 2010 @10:06AM (#31549248)

    It is a shame that ThePlanet is doing so badly. I've used them before for dedicated hosting and was very happy with the service I received. I will say that they are very "hands off" (which is generally good, but bad in this case). I think one has to remember that this is a chart of which ISPs are most responsive and active in stopping abuse originating from their network and not some kind of general review of the service they offer.

    That being said I think all the ISPs listed should be unhappy about appearing on these lists and should actively be trying to fix their reputation or risk getting blacklisted.

  • Re:New Jersey (Score:5, Interesting)

    by sopssa ( 1498795 ) <sopssa@email.com> on Saturday March 20, 2010 @10:09AM (#31549262) Journal

    Some of the ISP's in the list are huge hosting companies, namely ThePlanet, Layered Tech, Leaseweb, OVH.. You have no idea how big they are unless you've visited one of their data centers. They host millions of servers. How would they check it all? For that matter, who wants their data center staff snooping around in your server?

    Being one of the largest hosting companies in the planet obviously brings in bad guys too.

  • Re:ThePlanet (Score:3, Interesting)

    by sopssa ( 1498795 ) <sopssa@email.com> on Saturday March 20, 2010 @10:13AM (#31549286) Journal

    Would you blacklist Google too? They are on the lists too. It's not the problem that they would be actively friendly towards such activity, it's that they're so big companies that they get abused.

  • Ohhhhh Please! (Score:3, Interesting)

    by FlyingGuy ( 989135 ) <.flyingguy. .at. .gmail.com.> on Saturday March 20, 2010 @11:10AM (#31549600)

    We all demand huge bandwidth, huge amounts of storage and we want it for 19.95 a month.

    Do you wonder why everything is over sold? I mean, really do you?

    How much does a really sharp *nix admin.engineer cost annually?

    Even with really good tools how many physical boxes can on guy keep watch over? How about when each box is hosting 300 accounts, or running 10 VM's? What would anyone guesstimate? Maybe each box is only hosting 30 accounts? I mean the numbers start to add up.

    Lets say just for sake of argument that a really good admin can handle the care and feeding of 100 servers. That guy costs you 60K a year benefits and all. You need three shifts because you run 24/7 so that is 180K right there. Lets say you have 10,000 servers do now we are taking 100 guys * 3 shifts so 300 admins * 60,000.00 per year. So payroll just for the admins is 18 million a year and we have not given anyone the weekend off, so that number is a bit low.

    You have not yet paid for all the hardware or your bandwidth bill. So right now at 19.95 a month you need about 900,000 customers.

    Uhmmm for some reason those numbers just don't pencil. So thats why ISP's have to oversell everything AND turn a blind eye to a lot of things.

  • I am a bit doubtful (Score:3, Interesting)

    by Sycraft-fu ( 314770 ) on Saturday March 20, 2010 @11:10AM (#31549602)

    The reason being that when I look at our firewall logs or when we happen to get a system compromised, the US is way underrepresented. The US accounts for a very large portion of the Internet still, and we are located in the US so you might expect to see most attacks from there. However the majority are RIPE or APNIC addresses. You can also see it in things like Conficker infections. If you look at the graph of what got hit how bad (http://www.confickerworkinggroup.org/wiki/uploads/ANY/conficker-all-2009-small.png) you see that RIPE and APNIC are again way overrepresented in relation to the whole.

    Now I've not done a scientific study on this, I'll admit, but I do have a reasonable data set and it just doesn't match with what I've seen.

  • Re:New Jersey (Score:3, Interesting)

    by sopssa ( 1498795 ) <sopssa@email.com> on Saturday March 20, 2010 @11:34AM (#31549724) Journal

    Also, I've heard that one of the large companies, HostGator, gets 1500 new customers every day and they catch around 500 of them being malicious/spammers (even with phone verification!). With that huge amount of customers, and the good-to-bad ratio, it's no surprise if some slip in.

Slashdot Top Deals

2.4 statute miles of surgical tubing at Yale U. = 1 I.V.League

Close