Firewall Wizards mailing list archives
Re: Botnets, IRC servers and firewalls?
From: Paul Robertson <proberts () patriot net>
Date: Thu, 5 Feb 2004 13:56:33 -0500 (EST)
On Thu, 5 Feb 2004, Gadi Evron wrote:
As I said, I exaggerated, but so are you.. :) Should you be held liable if you do not know how to drive a car and hit a tree? Or a person?
But this isn't the case- most of the primary infections are because the user got up in the morning, turned on their car and started off to work, and during the night, someone made it so that every once in a while, turning the wheel left makes the car go right. Worse yet, the car manufacturer made it so that sometimes stepping on the brake stops the car, and sometimes it speeds it up, but if the user doesn't know what sort of paving materials produce which effect, it's obviously their fault.
As I said, this is not very much within the realm of possibility, but ISP's can and should, to a level, be made by the law liable for what their users do.
If we keep up the flawed analogy (hey, it's fun...,) you're saying that the road crew who built the highway and the road to the user's parking spot should be held liable whenever someone strikes a pedestrian.
For example, port scanning from one of their users... Perhaps for not responding to abuse reports? I am not sure exactly to which level this should be held (in my opinion, and as I said, I am exaggerating, do forgive me). But if you provide a service you should be held liable, again, to a level, for those who use it.. to spam.. to attack.. or some other issues?
So, if you manufacture cutlery, you should be liable if someone uses your butter knife to attack someone else? Also, if someone steals a butter knife from one of your customers and uses it to attack a third party?
Your metaphor to my, as stated, exaggerated analogy, is wrong. Users now can utilize the "Trojan horse defense" to get out of nearly everything, especially if the evidence in the case were not collected carefully (such as catch the guy in the act).
That's really an artifact of a particular case going wrong, not a generalized defense (it's tried more and more often, but isn't often successful.) Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Botnets, IRC servers and firewalls?, (continued)
- Re: Botnets, IRC servers and firewalls? mlh (Feb 04)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 05)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 05)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 05)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 05)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 05)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 05)
- Re: Botnets, IRC servers and firewalls? Marcus J. Ranum (Feb 05)
- Re: Botnets, IRC servers and firewalls? Gwendolynn ferch Elydyr (Feb 05)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 05)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 05)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 05)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 05)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 05)
- Re: Botnets, IRC servers and firewalls? mlh (Feb 04)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 05)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 05)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 05)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 05)
- Re: Botnets, IRC servers and firewalls? Stephen P. Berry (Feb 21)
- Re: Botnets, IRC servers and firewalls? R. DuFresne (Feb 21)