Security Incidents mailing list archives
Re: Nimda et.al. versus ISP responsibility
From: Rich Puhek <rpuhek () etnsystems com>
Date: Thu, 27 Sep 2001 15:02:46 -0500
We look at the issue two ways. First, we feel that an important part of our service is notifying the customer of problems with their machine that they may not have noticed. Second, we need to provide a good level of service to all of our customers. The idea of providing a high level of service to all our customers may mean that we have to deny service, temporarily or perminently, to a customer who's actions are detremental to the rest of our customers. This means that we cut off spammers (so that our legit. customers can still send email and perticipate in newsgroups), pornographic or severely objectionable websites (so customer's reputaions are not influenced by association), and any activities that threaten the security of our network or our customers information. Don't believe that a few bad apples can affect others on the same ISP? Ask a few email administrators what they do with uu.net's dialup space :-) This view has led us to cancel access for spammers and porn publishers. It has also led us to inform several customers about infected machines on their networks (Code Red, Nimda, and Ramen have been the biggest offenders). In each case of infected machines, we were prepared to drop the customer's connection if necessary (it never was). We have a harder time tracking down the smaller (usually dialup) offenders, given the rate they get infected and cleaned. They cause much less of a problem though, so we haven't worried about them as much. I think it is possible for an ISP to take individual action. I don't think we can afford not to inform our customers of problems and take action if necessary. --Rich Luc Pardon wrote:
I'd like the opinion of the list on the attitude of ISP's versus worms. It is clear that we're going to see more of this. I think we all agree that connecting an unpatched IIS machine to the open Internet is acting irresponsibly. Most AUP's already prohibit spamming, port scanning etc. (at least on paper). Why not include "infection through negligence" as a reason for suspension? Maybe with a reasonable grace period the first time. Problem is that one ISP can't go it alone. If they pull the plug, they may loose the customer to a less responsible competitor. Unlike spammers, most worm victims are "offending" out of ignorance. Such a provision in the AUP would likely get their attention and maybe cause a mind shift towards "Unpatched Is Bad (tm)". What do you all think ? Luc Pardon Skopos Consulting Belgium
_________________________________________________________ Rich Puhek ETN Systems Inc. _________________________________________________________ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda et.al. versus ISP responsibility Luc Pardon (Sep 27)
- Re: Nimda et.al. versus ISP responsibility Chip McClure (Sep 27)
- Re: Nimda et.al. versus ISP responsibility geoff (Sep 27)
- Re: Nimda et.al. versus ISP responsibility John Oliver (Sep 27)
- Re: Nimda et.al. versus ISP responsibility Rich Puhek (Sep 27)
- Re: Nimda et.al. versus ISP responsibility terry white (Sep 27)
- <Possible follow-ups>
- RE: Nimda et.al. versus ISP responsibility John Campbell (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Adcock, Matt (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Tracy Martin (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Homer Wilson Smith (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Tracy Martin (Sep 27)
- Re: Nimda et.al. versus ISP responsibility Neil Dickey (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Michael B. Morell (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Dave Salovesh (Sep 27)
- RE: Nimda et.al. versus ISP responsibility UMusBKidN (Sep 27)
- Re: Nimda et.al. versus ISP responsibility robertm (Sep 27)
(Thread continues...)
- Re: Nimda et.al. versus ISP responsibility Chip McClure (Sep 27)