North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: "Default" Internet Service
Owen DeLong wrote: That I am bound not to say unfortunately, however all will become clear soon (it'll be in the press). If you're a water company, and you deliver rusty water through your pipes - you are responsibleIt's not crap. Infected machines are no more the fault of the internet than2nd blaming infected machines on the internet is similar to blaming your Actually, I suspect it's a much larger fraction, more along the lines Agreed Education... and how to educate - well if they don't want to do it for their own personal gain, force them.... How to force them... don't give them access until they have learnt the basics... Hitting them financially when they get it wrong will force most to learn rather than get caught again, but it would be nice to stop them in the first place.... further what are you going to do with those who you try to 'fine' and they just go to another ISP...? (I do have some experience with this don't forget - much to the annoyance of some) ... Anyhow remember this:And how is an ISP supposed to do anything about this?Even with a secure OS this simple method of infection will continue to work.Correct Prevention is better than a cure... We're already being taxed... In Australia we are forced to pay for incoming and outgoing traffic - so DDoSes and Spam cost the recipient.However you are ignoring the fact that once the machine is infected, theRight... So, you should be working really hard to get people not to allow It hasn't, however the data coming from an ISPs network has always beenHow and when did it become the responsibility of the ISP to protect the end users machines? I did say 'data coming from an ISP'... The data transiting the ISPs network is just that. The ISPNow that is debatable - and probably not best discussed here or in this thread.... AFAIAC the traffic coming from an ISP is the responsibility of that ISP - if it's transiting they are still responsible... It's the 'car accident' principle.. 3 cars (A,B & C) pull up at a stop sign, B stops behind A, C runs into B and pushed B into A... A doesn't sue C.... A sues B for A's damage, and B sues C for B's damage, A's damage and costs. I agree that ISPs should shut off sites that are demonstrably spewing...and in the current economical enviroment, and the size of the 'worst' ISPs is going to stop tha from happening. I'd be interested to see that... I don't have a problem with most ideas like that.No, they get paid for delivering packets. They don't get paid (currently)Do ISP's get paid to protect end user machines?No, they get paid for traffic, which is the reason some ISPs out there don't care if their customers are DDoSing anothers network. Most residential ISPs get paid the same whether the customer spews Agreed Agreed, however they have publically acknowledged the problem, which for me is a major milestone.They continue to develop new and more exploitable services and features.Yup, we've been doing that for years, and they have been fixing things asIf you want to blame someone maybe the company that provided the insecure os that requires monthly patches to fix portions of the broken code they sold. Or you could blame the end users who open unknown attachments. Hey, I am a Miro$oft hater, but I conceed that the 'default the firewall to on' feature of the next service pack is a good thing - the only issue is the part about not installing on pirated OS's and that they are taking way too long to release it.... but it is a start - we've been trying to get M$ to even start for how many years now?I haven't seen any indication that Micr0$0ft is following the right road, justI would like a real solution to the problem. Simply blocking ports is not successful. So I recommend 2 steps. First buy OS's that are more secure out of the box.That's not going to happen anytime soon, even with Microsoft starting to follow the 'right' road. Actually this is what happens in the UK by law.... If you have a gas heater installed by a non-approved technician, the gas supply will not be connected until it is checked and approved by an approved installer or gas technician. Similarly if the heater doesn't meet certain standards it will never be connected to the gas supply in the UK.... Of course this doesn't stop people getting the gas connected and then doing a DIY gas installation, but people can go to jail for that.So, let me see if I have this straight...2nd Teach users NOT to click on every thing they see....and how are you going to do that? If you give a user a $10 account where they have full internet access they click on everything, then they get infected, their machine is controlled by someone else across the world and is used for DDoS attacks or spam (or..hacking, or...?) .. what are you going to do to educate them in the middle....? What is the ISP going to do to make sure that the enduser has been educated? What are you the ISP going to do to ensure the machine that was infected has now been disinfected...? It is what I mean to say - I have never been good at communicating by written word - probably something to do with the fact I am dyslexic.Right... That's going to happen. ISPs are like utilities. They deliver a service. The service is the acceptance and delivery of properly formed IP datagrams. If you want something different, that's a separate value- added service and you should pay more for it.This makes sense. I've supported this. That's not what Adi and othersI don't expect you the ISP to solve all these problems, nor do I expect you the ISP to stop your users from getting infected.... However you the ISP are responsible for traffic coming from and going to your users, and most of us don't care if you want to allow your users to get infected, however we do care if you allow your customers to attack us.... Whether it be an attack in the form of spam, DDoS or trojan/virus spreading. / Mat Owen
|