Okay, so this won’t fix the Internet, but I think it’s high time that what I’m about to suggest is implemented. It’s not exactly a revolutionary idea that I just came up with. It’s what people have been talking about for a decade.
ISPs need to start blocking crap from originating on their network. The only reason, as best as I can tell, that they’ve done anything about spam is that they were getting ‘collateral damage’ when huge chunks of their networks were being listed as spam havens, causing legitimate e-mails to bounce and really irritating all their customers.
Let’s say that your computer gets infected by a virus that causes it to ping flood a given Internet site. What should happen? I think there are three courses of action. The ISP can do nothing, which is easiest. That’s the status quo. The second option is that some simple firewall rules could detect that your IP was suddenly generating hundreds of ICMP packets a second, have the system automatically realize that something fishy was going on, and remove you from the Internet, perhaps redirecting all your traffic to a page indicating what was going on and how to fix it. Or, third, and easiest of all, they could simply firewall off the ICMP attack you were trying.
A lot of the viruses/worms are super-easy to detect. They try to connect to hundreds of computers at once on an obscure port. That alone is something that no ‘real’ user is likely to do. But you can go even further, and have your firewalls do some Layer 7 inspection. (But ooh, that would cost money, and ISPs don’t like that!) They could look at the ‘payload’ of the data and see if it matched the ‘signatures’ of known viruses.
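As an added illustration (not code from the original post), here is a small detector over constructed flow records that implements the two checks described above: an ICMP packet-rate threshold for the ping-flood case, and a per-port fan-out threshold for the "hundreds of computers at once on an obscure port" case. The addresses, timestamps and thresholds are all made up.

```python
from collections import defaultdict

# Constructed sample of per-packet records as an ISP edge device might export them:
# (timestamp in seconds, source IP, destination IP, protocol, destination port).
SAMPLE_FLOWS = (
    # 10.0.0.5: an ordinary web session, a few connections to one host
    [(0.1, "10.0.0.5", "203.0.113.10", "tcp", 443)] * 3
    # 10.0.0.7: ICMP echo flood, 300 packets in one second at a single target
    + [(1.0 + i / 300, "10.0.0.7", "198.51.100.9", "icmp", 0) for i in range(300)]
    # 10.0.0.9: worm-style scan, one connection attempt to each of 150 hosts on port 135
    + [(2.0 + i / 150, "10.0.0.9", f"192.0.2.{i}", "tcp", 135) for i in range(150)]
)


def classify(flows, window=1.0, icmp_pps=100, fanout=50):
    """Return {source_ip: action} for sources that trip a threshold.

    window   - size of the time bucket in seconds
    icmp_pps - ICMP packets per second from one source that count as a flood
    fanout   - distinct destinations on one port within a window that count as a scan
    Actions map to the post's options: "block-icmp" firewalls off just the attack,
    "quarantine:..." pulls the host offline (scan verdict wins if both fire).
    """
    icmp_count = defaultdict(int)   # (src, bucket) -> ICMP packets seen
    dests = defaultdict(set)        # (src, bucket, dport) -> distinct destination IPs
    for ts, src, dst, proto, dport in flows:
        bucket = int(ts // window)
        if proto == "icmp":
            icmp_count[(src, bucket)] += 1
        else:
            dests[(src, bucket, dport)].add(dst)

    verdict = {}
    for (src, _), n in icmp_count.items():
        if n / window >= icmp_pps:
            verdict[src] = "block-icmp"
    for (src, _, dport), targets in dests.items():
        if len(targets) >= fanout:
            verdict[src] = f"quarantine:scan-port-{dport}"
    return verdict


if __name__ == "__main__":
    for src, action in sorted(classify(SAMPLE_FLOWS).items()):
        print(f"{src}: {action}")
```

The normal web session never appears in the result; the two abusive sources do, each with the action the post proposes for that kind of traffic.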
I’m not proposing that your ISP should have people monitor your every move with packet sniffers. I’m proposing that ISPs implement the equipment that would let them detect blatant abuse of the network, which consumes not only their resources but the resources of countless other networks, and stop letting crap go on. Imagine if, once Nimda was known in the wild, your ISP prevented any incoming attacks from reaching you. And that a few of their clients got infected anyway, but that when they tried to use a web browser, all they got was a message indicating that their computer was infected with a virus that was trying to spread to other computers, so they lost their Internet connection until they fixed it, and, oh, here’s instructions on exactly how to do it.
I suppose some customers would be angry. But I think, overall, it’d be worth inconveniencing a few people who couldn’t keep a clean computer anyway.
(Okay, so Nimda was a bad example since it spread so quickly. But it’s not like it was over and done with by the end of the day.)
It wouldn’t block everything. Really clever, malicious stuff would get through. Obscure stuff would get through. Brand new exploits would get through. But it’s just absurd how many attacks go on that everyone was already aware of, and it strikes me as even more absurd that ISPs seem like they couldn’t care less. If nothing else, it’d save them a lot of bandwidth.