nanog mailing list archives

Re: Open, anonymous services and dealing with abuse

From: "John Palmer" <nanog () adns net>
Date: Tue, 17 Feb 2004 14:43:32 -0600


I hate to see government get involved in anything, but perhaps
some law holding PC owners responsible for SPAM that comes
from their unpatched machines AS LONG AS there is ample
notification to that user that their machine is compromised.

Also, ISP's should be held responsible for allowing unpatched 
machines to be connected to them and for e-mail to be propagated
from their.

Sounds like an unfunded "mandate", and it probably is, but there
is the concept of "attractive nusaince" in the law now. 

Again, any law would need to be designed to allow for AMPLE
notification to the owner of the offending machine/ISP to allow
time for them to fix it. Only then would there be a requirement 
that their ISP disconnect them or face fines.

----- Original Message ----- 
From: "william(at)elan.net" <william () elan net>
To: <matt () petach org>
Cc: <nanog () merit edu>
Sent: Tuesday, February 17, 2004 15:27
Subject: Re: Open, anonymous services and dealing with abuse


On Tue, 17 Feb 2004 matt () petach org wrote:

Trojaned PCs and zombie proxies relaying spam are like cold
sores; they don't kill anyone, they just make things mildly
uncomfortable, so we numb them over, and go about our
business like normal, even if that includes allowing the
infection to spread even further.

If proxies *did* kill, then yes, we'd take them seriously;
but anything short of that, and real life tells us we won't
take them seriously enough to try to do real research into
ultimately stamping them out.


But proxies do "kill" - the trojaned "owned" PCs are and have been
for years used to create distributed DoS attacks which can easily
kill a site or even smaller network. There is enourmous potential
harm to from them and that is in addition to normal everyday less 
articulated harm because of spam and more that mail servers and other 
infrastracture is being used for it. ISPs end up paying for all this.

Everybody thinks if its not us, we don't have problem so we dont want
to spend anything to fix it - bu its not true, you already are paying
for it due to increased cost of operation. The cost of fixing your own
network even 50% of other ISPs did it, would in the end be smaller.

-- 
William Leibzon
Elan Networks
william () elan net

Current thread:

Re: Open, anonymous services and dealing with abuse, (continued)
- - - Re: Open, anonymous services and dealing with abuse Henry Linneweh (Feb 16)
    - Re: Open, anonymous services and dealing with abuse Daniel Reed (Feb 16)
    - Re: Open, anonymous services and dealing with abuse Mark Turpin (Feb 17)
    - Re: Open, anonymous services and dealing with abuse Daniel Reed (Feb 17)
    - Re: Open, anonymous services and dealing with abuse Mark Turpin (Feb 17)
    - RE: Open, anonymous services and dealing with abuse Roy (Feb 17)
    - RE: Open, anonymous services and dealing with abuse Nicole (Feb 17)
    - RE: Open, anonymous services and dealing with abuse Roy (Feb 17)
    - Re: Open, anonymous services and dealing with abuse matt (Feb 17)
    - Re: Open, anonymous services and dealing with abuse william(at)elan.net (Feb 17)
    - Re: Open, anonymous services and dealing with abuse John Palmer (Feb 17)
    - Re: Open, anonymous services and dealing with abuse JC Dill (Feb 17)
    - Re: SMTP authentication for broadband providers Alex Bligh (Feb 13)
  - Re: SMTP authentication for broadband providers Mark Foster (Feb 13)
- Re: SMTP authentication for broadband providers Alex Bligh (Feb 13)