Security Incidents mailing list archives
RE: Nimda et.al. versus ISP responsibility
From: "Tracy Martin" <tracy () arisiasoft com>
Date: Thu, 27 Sep 2001 14:25:35 -0400
Let me toss in my perspective as an "end user"... I would rather have my ISP call me up and say "You've got something on your system that's sending out crap - get it off or lose your connection. Call me back before close of business today and tell me which it's going to be" than to have them implement filters and possibly mess up my connectivity with them. And, in simple point of fact, the above has happened to me. I got caught out with something (don't know what it was, don't care what it was) in late June / early July and got the call above. I took all my local systems off the network, and formatted and reinstalled them, then put data back from backup as needed. I told the ISP when they called what I was going to do, and they were fine with that. So, it took me a weekend of working to get everything back in place, and updated with all the latest patches (including the ones I had missed). Small price to pay to learn what I should have already known, and to keep my connectivity open so that *I* can decide what comes into my network, not someone who I will never see face-to-face. Of course, we all know that "Great Aunt Sadie" will likely not be able or willing to do this, so providing a choice would be great. But make sure the choice is available, please.
-----Original Message----- From: Adcock, Matt [mailto:Matthew.Adcock () GSCCCA ORG] Sent: Thursday, September 27, 2001 13:57 To: 'lucp () skopos be'; incidents () securityfocus com Subject: RE: Nimda et.al. versus ISP responsibility <quote> I think we all agree that connecting an unpatched IIS machine to the open Internet is acting irresponsibly. Most AUP's already prohibit spamming, port scanning etc. (at least on paper). Why not include "infection through negligence" as a reason for suspension? Maybe with a reasonable grace period the first time. </quote> I agree that the end administrator is ultimately responsible. The ISPs could also help by filtering this traffic. It would take an infrastructure upgrade that would end up costing the consumer, but I personally would be willing to pay a little more. Maybe give users a choice between being on a filtered network or an open network? ------------------------------------------------------------------ ---------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda et.al. versus ISP responsibility Luc Pardon (Sep 27)
- Re: Nimda et.al. versus ISP responsibility Chip McClure (Sep 27)
- Re: Nimda et.al. versus ISP responsibility geoff (Sep 27)
- Re: Nimda et.al. versus ISP responsibility John Oliver (Sep 27)
- Re: Nimda et.al. versus ISP responsibility Rich Puhek (Sep 27)
- Re: Nimda et.al. versus ISP responsibility terry white (Sep 27)
- <Possible follow-ups>
- RE: Nimda et.al. versus ISP responsibility John Campbell (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Adcock, Matt (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Tracy Martin (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Homer Wilson Smith (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Tracy Martin (Sep 27)
- Re: Nimda et.al. versus ISP responsibility Neil Dickey (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Michael B. Morell (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Dave Salovesh (Sep 27)
- RE: Nimda et.al. versus ISP responsibility UMusBKidN (Sep 27)
- Re: Nimda et.al. versus ISP responsibility robertm (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Jason Robertson (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Mogull,Rich (Sep 27)
- RE: Nimda et.al. versus ISP responsibility ahoward (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Greg A. Woods (Sep 27)
(Thread continues...)
- Re: Nimda et.al. versus ISP responsibility Chip McClure (Sep 27)