Andy Johnson wrote:
I think the point of many on this list is, they are a transit
provider, not a security provider. They should not need to filter
your traffic, that should be up to the end user/edge network to
decide for themselves.
How is this different from a transit provider allowing their network
to be used for spam? Seems the same hands-off argument was made wrt
spam a decade ago but has since proved unsustainable.
Our particular problem is with an ISP in Wisconsin, NETNET-WAN. We
get tens of thousands of scans to netbios ports every day from their
/19. This is several orders of magnitude more netbios than we see
from the rest of the net combined. It's eating nontrivial bandwidth
and cpu that we pay real money for. They've had our logs for months
but seem incapable of doing anything about their infected customers.
The suits recommend documenting time and bandwidth costs and sending
a bill with a cease and desist request.
My question is not what can we do about bots, we already filter
these worst case networks, but what can we do to make it worthwhile
for bot-providers like NETNET to police their own networks without