Mikael Abrahamsson wrote:
On Tue, 8 Aug 2006, Simon Waters wrote:
However most big residential ISPs must be getting to the point where
10% bandwidth saving would justify buying in third party solutions for
containing malware sources. I assume residential ISPs must be worse than
[snip]
It might not be the right thing, but the economics for the residential
ISP it costs a lot to try to be proactive about these things, especially
since botnets can send just a little traffic per host and it's hard to
even detect.
Last sunday at DEFCON I explained how one consumer ISP cost American
business $29M per month because of the existence of key-logging botnets.
you want to talk economics? Its not complicated to show that mitigating
key-logging bots could save American business 2B or 4% of =losses to
identity theft -- using FTC loss estimates from 2003
just because an ISP looses some money over transit costs does not equate
to the loss american business+consumers are loosing to fraud.
sorry, DEFCON slides aren't up anywhere yet. drop me a note if you'd
like a copy.
-rick