Broadband ISPs Shouldn't Knock Down Firewalls
Alex Salkever, Business Week 2001-11-20

Citing finicky configuration problems, the major high-speed providers discourage their use -- a backward and dangerous policy

Broadband ISPs Shouldn't Knock Down Firewalls 2001-11-21
ddescault (at) socal.rr (dot) com [email concealed]
Broadband ISPs Shouldn't Knock Down Firewalls 2001-11-21
Chris Leonardos <cleonardos (at) triumph (dot) com [email concealed]>
Re: Broadband ISPs Shouldn't Knock Down Firewalls 2001-11-22
anakata <anakata (at) anakata.hack (dot) se [email concealed]>
Broadband ISPs Shouldn't Knock Down Firewalls 2001-11-22
jorgen (at) ssc (dot) net [email concealed]
Broadband ISPs Shouldn't Knock Down Firewalls 2001-11-23
dev.dekker
Having been an administrator at a local ISP, I can completely understand from a support standpoint the unwillingness to troubleshoot problems on a machine with a personal firewall installed. Not knowing the aptitude of the user's setup, there could be all manner of things interfering with network communication. But that is a very shortsighted and lazy approach to the problem. As mentioned in the article, the large number of compromised machines is a menace. Any ISP worth their weight, and covering their share of the obligation to the rest of the net, should pick any one of the better personal firewalls out there (TinySoftware's PF is GREAT...), and learn it inside out. Additionally, create an install package of that PF, which would contain default packet filter rulesets that would fit most any regular home user and give them the protection they need. This would allow them to not only support the use of these firewalls, but would also allow them to encourage their use amongst all their users. Support would be simple, and if the end user muxed things up too badly, the reloading of the default rulesets would be a simple matter and return them back to a common starting ground from which they could finish troubleshooting.

Simply put, these packages would be of minimal time investment, and would maximize the savings on the cost of maintaining the network minus the overhead of malicious traffic. Not to mention, if you were able to tie in user-approved logging from all the different nodes, it would create a wonderfully effective distributed IDS...

Link to this comment: http://www.securityfocus.com/comments/articles/287/9031#9031