Security Incidents mailing list archives
RE: Nimda et.al. versus ISP responsibility
From: John Campbell <jcampbell () wsipc org>
Date: Thu, 27 Sep 2001 10:53:35 -0700
I have begun advocating in favor of 'progressive discipline' for ISP customers harboring infections: first, notification; second, a 'time-out'; third, disconnect. Basically we need to look at this as quarantining infected sites so they don't spread the germs and put larger portions of the net populace at risk.

John Campbell
Security Engineer
Washington School Information Processing Cooperative (WSIPC)
jcampbell () wsipc org

-----Original Message-----
From: Luc Pardon [mailto:lucp () skopos be]
Sent: Thursday, September 27, 2001 9:50 AM
To: incidents () securityfocus com
Subject: Nimda et.al. versus ISP responsibility

I'd like the opinion of the list on the attitude of ISPs versus worms.

It is clear that we're going to see more of this. I think we all agree that connecting an unpatched IIS machine to the open Internet is acting irresponsibly.

Most AUPs already prohibit spamming, port scanning etc. (at least on paper). Why not include "infection through negligence" as a reason for suspension? Maybe with a reasonable grace period the first time.

Problem is that one ISP can't go it alone. If they pull the plug, they may lose the customer to a less responsible competitor.

Unlike spammers, most worm victims are "offending" out of ignorance. Such a provision in the AUP would likely get their attention and maybe cause a mind shift towards "Unpatched Is Bad (tm)".

What do you all think?

Luc Pardon
Skopos Consulting
Belgium

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com