Interesting People mailing list archives
more on FTC to alert ISPs to zombies
From: David Farber <dave () farber net>
Date: Wed, 20 Jul 2005 15:57:01 -0400
Begin forwarded message: From: "Steven M. Bellovin" <smb () cs columbia edu> Date: July 20, 2005 1:38:13 PM EDT To: David Farber <dave () farber net> Subject: Re: Fwd: [IP] FTC to alert ISPs to zombies I received the following query:
Maybe he can elaborate a little on the abuse he mentions, I don't know what he is referring too.
Any time a government agency starts telling ISPs which of their customers are misbehaving, I worry. We can all agree about certain forms of illegal behavior -- worms, for example -- but there are greyer areas. For example, on occasion I've been known to run security scans from my house against a machine I personally own. That's legal, in the sense that it's authorized by the owner of the machine, but no IDS is going to know that. But for consumer ISPs, it's often easier to pull the plug than to investigate. More seriously, I'm concerned any time a government agency starts reporting or otherwise taking action on legal forms of "speech". The usual phrase is a "chilling effect" -- will my ISP feel it has to go overboard to avoid getting notices (with the implied threat of regulation) from the FTC? To be concrete, how about IRC? It's very well known in the Internet security community that many botnets are controlled via IRC. Does that mean that an ISP should block all IRC traffic? Is that the easiest way to avoid such notices? IRC is, of course, a very legitimate way to engage in conversations. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on FTC to alert ISPs to zombies David Farber (Jul 20)