Re: Attitude problem.

["Greg A. Woods" <woods () weird com>]

I do in fact agree with everything you say, except this part:

[ On Thursday, September 21, 2000 at 12:36:44 (-0500), Booth, David CWT-MSP wrote: ]
> Subject: Attitude problem.
>
> 2 broadband service providers sent me a form-letter response and took no
> action.

Remember that end-user ISPs in general have literally no responsibility
for the state of their customer's machines.  Of course they must prevent
their customers from from doing really bad things, such as sending
packets with spoofed addresses, allowing open SMTP relays, etc., but
there's not much they can do about a rooted customer box except send a
warning to the customer (hopefully "out-of-band" so the cracker can't
"deal" with it!).

Note also that ISPs in general can't really say anything bad about a
customer using all of his allocated bandwidth either.  Indeed many third
tier providers are "happy" to see a few of their users generating lots
of outbound traffic because it balances out the incoming traffic and
makes their Cricket graphs look better!  (Yes, I am serious -- many
do think this is a good thing and they never think twice that this
traffic might be part of a DDoS!  So long as it's not spoofed their
happy!)

Slightly more "informed" ISPs will be willing and eager to block
outbound DoS traffic if they're told of it, but they can't really do
anything proactively to prevent it since they're at least pretending to
offer their customers a direct true IP network connection.

--
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods () acm org>      <robohack!woods>
Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>