Security Incidents mailing list archives
Re: Nimda et.al. versus ISP responsibility
From: Brian Cervenka <brian () zerobelow org>
Date: Thu, 27 Sep 2001 15:56:28 -0700 (PDT)
I really think we need to have two classes of internet service. One for technically savvy users, and one for my grandfather, and the millions of users like him. Most ISPs already offer this differentiation of service as a "personal" account vs. a "business" account. There is a cost difference between them, as there should be. The "personal" internet accounts should have somewhat severe limits put onto them, such that they can not run servers, etc. The business class accounts should not have the limits, or if they have the limits by default, the ISP should allow the user to fill out a form or check a box at signup which removes those limits. The AUP for many ISPs (cable for example) states that a residential user is not allowed to run a server -- so the legal issues of this are in place already. While many users have the need to run their own servers, from what I hear, the vast majority of CR and Nimda hosts are people who don't know they are running a service -- such limitation would be a boon to those people. Some ISPs actually have an option where they will install (and manage?) some level of firewall service for their users. This is the way it should be done. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Nimda et.al. versus ISP responsibility, (continued)
- Re: Nimda et.al. versus ISP responsibility robertm (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Jason Robertson (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Mogull,Rich (Sep 27)
- RE: Nimda et.al. versus ISP responsibility ahoward (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Greg A. Woods (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Jay D. Dyson (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Greg A. Woods (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Stephen Villano (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Chad Mawson (Sep 27)
- RE: Nimda et.al. versus ISP responsibility UMusBKidN (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Jonathan Levy (Sep 27)
- Re: Nimda et.al. versus ISP responsibility Brian Cervenka (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Tony Langdon (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Dean Cunningham (Sep 27)
- RE: Nimda et.al. versus ISP responsibility ahoward (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Smith, Mark (Sep 28)