North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Even you can be hacked
On Fri, 11 Jun 2004, David Schwartz wrote: > > > This will be my last post on this issue. > > In this case: > > 1) Almost certainly the traffic was due to a worm. > > 2) Almost certainly the ISP knew (or strongly suspected) the traffic was > due to a worm. > > 3) Quite likely, the ISP never carried most of the traffic to its > destination. Once they knew it was worm traffic, they were probably > filtering by port. > > 4) The ISP should not have carried the attack traffic, if they actually > did. Doing so is negligent and creates additional innocent victims. Maybe > they would give their customer a short time to straighten things out, but > that's it. Erm.. Forgive me if this is a repeat posting but from what i've seen of this thread it needs to be stated. - My ISP Provide me with Internet Services. - I get Authentication, an IP, DNS. - I get a pipe to the world. - I pay for my own bandwidth based on the plan the ISP provides me . If I have a usage limit, and I exceed it due to a worm infection, its MY problem. Noone elses. I'm responsible for the security aspect of my own personal computers. Note the list of things above. I havnt paid for a managed circuit, with warnings after unusual activity, I havnt paid for a filtering service to filter by port for traffic that might be suspicious... so how is this not cut-and-dried? The ISP provides me with service, and puts a meter on it, and they bill me by the byte, or whatever- Thats the service they're providing, im not expecting to be billed for 'certain types of traffic' - I have a pipe, i'm using that pipe, and I pay for what travels down it. Any 'overusage' or unusual spikes in bandwidth usage are mine to handle - thats part of the risk of purchasing this service. If you want the provider to give you a solution which includes circuit monitoring, content filtering and other such things - then by all means make sure thats specified in the terms of service before you sign the dotted line. This all seems so simple to me - I simply don't understand how I can blame my ISP when my Windows machine gets a trojan on it and starts spitting out emails - whether 0 day or otherwise, its my problem, because *I* decided to take the (calculated) risk of putting that box online. (in whatever state - current, or not, firewalled or not, etc..). You can mitigate that risk through various factors - firewalls, Antivirus, WindowsUpdate, Alternative OSs... these all modify or change the risks involved but my ISP hasn't been involved in the calculation of this risk - so how can they be involved in accepting the responsibility for that risk?!? Mark. (Apparently I share a name with someone else on NANOG. So i'm not him... and hes not me :))
|