Security Incidents mailing list archives

RE: Nimda et.al. versus ISP responsibility


From: "Tracy Martin" <tracy () arisiasoft com>
Date: Thu, 27 Sep 2001 14:25:35 -0400

Let me toss in my perspective as an "end user"...

I would rather have my ISP call me up and say "You've got something on your
system that's sending out crap - get it off or lose your connection. Call me
back before close of business today and tell me which it's going to be" than
to have them implement filters and possibly mess up my connectivity with
them.

And, in simple point of fact, the above has happened to me. I got caught out
with something (don't know what it was, don't care what it was) in late June
/ early July and got the call above. I took all my local systems off the
network, and formatted and reinstalled them, then put data back from backup
as needed. I told the ISP when they called what I was going to do, and they
were fine with that. So, it took me a weekend of working to get everything
back in place, and updated with all the latest patches (including the ones I
had missed). Small price to pay to learn what I should have already known,
and to keep my connectivity open so that *I* can decide what comes into my
network, not someone who I will never see face-to-face.

Of course, we all know that "Great Aunt Sadie" will likely not be able or
willing to do this, so providing a choice would be great. But make sure the
choice is available, please.

-----Original Message-----
From: Adcock, Matt [mailto:Matthew.Adcock () GSCCCA ORG]
Sent: Thursday, September 27, 2001 13:57
To: 'lucp () skopos be'; incidents () securityfocus com
Subject: RE: Nimda et.al. versus ISP responsibility


<quote>
  I think we all agree that connecting an unpatched IIS machine to the
open Internet is acting irresponsibly. Most AUP's already prohibit
spamming, port scanning etc. (at least on paper). Why not include
"infection through negligence" as a reason for suspension? Maybe with a
reasonable grace period the first time.
</quote>

I agree that the end administrator is ultimately responsible.  The ISPs
could also help by filtering this traffic.  It would take an infrastructure
upgrade that would end up costing the consumer, but I personally would be
willing to pay a little more.  Maybe give users a choice between being on a
filtered network or an open network?


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




