nanog mailing list archives
Re: What if it doesn't affect the ISP? (was Re: What do you want your ISP to block today?)
From: Matthew Palmer <mjp16 () ieee uow edu au>
Date: Sun, 31 Aug 2003 12:21:09 +1000 (EST)
On Sat, 30 Aug 2003, Sean Donelan wrote:
The recurring theme is: I don't want my ISP to block anything I do, but ISPs should block other people from doing things I don't think they should do.
That's about my position, I guess. <g> There's a difference between naively blocking ports or screwing with packets, though, and blocking known dodgy behaviour (spoofed source addresses, for one). Yes, port 135 is a known vector, and so is 4444 now, but they have their legitimate uses. If you have evidence that someone is doing something dodgy with them, then you should shut them down. But spanking everyone because some people can't/won't take responsibility for their systems reeks of schoolroom justice ("We're all going to sit here until the guilty party owns up").
So how long is reasonable for an ISP to give a customer to fix an infected computer; when you have cases like Slammer where it takes only a few minutes to infect the entire Internet? Do you wait 72 hours? or until the next business day? or block the traffic immediately?
Immediately. The ISP is, IMO, responsible for the traffic of those they connect to the Internet. Maybe I'm just showing my old-fashioned values there, though.
Or some major ISPs seem to have the practice of letting the infected computers continuing attacking as long as it doesn't hurt their network.
"Welcome to my null0, O provider of loose morals". -- ----------------------------------------------------------------------- #include <disclaimer.h> Matthew Palmer, Geek In Residence http://ieee.uow.edu.au/~mjp16
Current thread:
- Re: What do you want your ISP to block today?, (continued)
- Re: What do you want your ISP to block today? Ian Mason (Aug 30)
- Re: What do you want your ISP to block today? Gerardo Gregory (Aug 30)
- RE: What do you want your ISP to block today? Mark Borchers (Aug 30)
- Re: What do you want your ISP to block today? Gerardo Gregory (Aug 30)
- RE: What do you want your ISP to block today? Owen DeLong (Aug 31)
- Re: What do you want your ISP to block today? Iljitsch van Beijnum (Aug 30)
- Re: What do you want your ISP to block today? Marshall Eubanks (Aug 30)
- What if it doesn't affect the ISP? (was Re: What do you want your ISP to block today?) Sean Donelan (Aug 30)
- Re: What if it doesn't affect the ISP? (was Re: What do you want your bmanning (Aug 30)
- Re: What if it doesn't affect the ISP? (was Re: What do you want your Owen DeLong (Aug 31)
- Re: What if it doesn't affect the ISP? (was Re: What do you want your ISP to block today?) Matthew Palmer (Aug 30)
- Re: What if it doesn't affect the ISP? (was Re: What do you want your ISP to block today?) Christopher X. Candreva (Aug 31)
- Re: What if it doesn't affect the ISP? (was Re: What do you want your ISP to block today?) Christopher X. Candreva (Aug 31)
- Re: What if it doesn't affect the ISP? (was Re: What do you want your ISP to block today?) Iljitsch van Beijnum (Aug 31)
- Re: What do you want your ISP to block today? Jack Bates (Aug 30)
- Re: What do you want your ISP to block today? Valdis . Kletnieks (Aug 29)