Security Basics mailing list archives
RE: FW: Legal? Road Runner proactive scanning.[Scanned]
From: "Burton M. Strauss III" <BStrauss () acm org>
Date: Sat, 13 Mar 2004 08:04:01 -0600
In other threads, y'all are complaining that xyz ISP doesn't do anything about Spammers. You can't have your cake and eat it too...

I think you can make a cogent argument that an ISP scanning inside its network is not only prudent but required, with the proper precautions taken.

Item: The RR TOS cited early in this discussion clearly permit them to do this.

Item: Similarly in the TOS, it probably prohibits running a server.

Thus you can argue - and probably successfully although I'm not a lawyer - that all they are doing is enforcing their TOS as they told you they might. That's a simple matter of contract law. If you don't like it, take your business elsewhere.

But let's play with this some more and get into my prudent & required theory...

Given the reality of how networks are provisioned (and the cost models ISPs use), somebody running a server and using unexpected amounts of bandwidth (in the reverse direction), may affect all customers.

Take the most extreme case, a Satellite ISP, with very restricted return (uplink) throughput. In order to provide you with good service for normal requests (http get, for example), the ISP would like to provide you with the entire 64 Kbps uplink channel for the brief interval you need to send data. But, if you run a server and utilize that for long periods, you impact ALL users. The ISP has two choices - ban servers or throttle all users to their 1/nth of that 64 Kbps, which would provide service that sucks... To provide the contracted service to all users, it is required that the ISP enforces their TOS.

Essentially, while the limit may be higher, the concept is true of ALL asymmetrically provisioned services (DSL, Cable Modem, even perhaps 56Kbps dialup...) Running a server on a network that is not engineered for it will impact other users.

Should they have engineered the network differently and allowed you to run a server? Well that's a different discussion - and basically the costs of doing so, vs. the few individuals who really care, would make it un-economical. That's why "Business" class service is so expensive...

If you want to run a server, and the TOS doesn't permit it, then get a different account or ISP - one that allows you to do what you want to do. But you will end up paying for it. TANSTAAFL.

Why prudent? Say you are running an open relay mail server and thus are generating tons of spam. If they don't stomp this out, the ISP runs the risk of the Usenet death penalty, ending up on the black hole lists, etc. So in order to allow their customers to be functioning members of the Internet community, the ISP must take active steps to prevent these types of abuses.

The real problem is that so few ISPs do so.

-----Burton