RE: ISPs' willingness to take action

[Eric Kuhnke]

This is definitely a business opportunity for any ISPs that wish to take 
advantage of it...  Hire clueful abuse desk people, set up a good IDS, run 
spamassassin on your mail servers, and offer free antivirus software to the 
broadband connected bare win32 PCs.  I am sure midsize ISP marketing 
departments will be able to brand this with a slick name and print brochure 
or TV commercial.

"Tired of spam and junk on the internet?  Sick of Pop-ups?  Worried about 
the spread of worms and viruses?  We're better than the competition, and 
here's why...!"

> We implemented an IDS system.  The ROI comes from the inbound attacks
> being detected/prevented/shunned.  But it's also listening to the
> outbound stuff, so when we see that a customer has the flavor of the
> week, we cut him off, give him a call and some friendly advice, and
> everyone's happy.  When we see IRC joins and port scans from a customer
> server, we give him a call, advise him that he's been rooted, and offer
> to assist in his recovery (can you say business opportunity, folks?).
>
> Blocking ports is fine as long as you let people know what you're
> blocking and why, offer alternative solutions and offer to unblock if
> it's an absolute requirement.  Often, once properly educated about the
> risks, a lesser experienced admin will be excited about the opportunity
> to do it the more secure way, and will begin preparations, so I've found
> the "unblock" is usually temporary.