nanog mailing list archives

RE: Even you can be hacked


From: Mark Foster <blakjak () blakjak net>
Date: Sat, 12 Jun 2004 15:17:24 +1200 (NZST)




On Fri, 11 Jun 2004, David Schwartz wrote:



      This will be my last post on this issue.

      In this case:

      1) Almost certainly the traffic was due to a worm.

      2) Almost certainly the ISP knew (or strongly suspected) the traffic was
due to a worm.

      3) Quite likely, the ISP never carried most of the traffic to its
destination. Once they knew it was worm traffic, they were probably
filtering by port.

      4) The ISP should not have carried the attack traffic, if they actually
did. Doing so is negligent and creates additional innocent victims. Maybe
they would give their customer a short time to straighten things out, but
that's it.

Erm..

Forgive me if this is a repeat posting but from what I've seen of this
thread it needs to be stated.

- My ISP provides me with Internet Services.
- I get Authentication, an IP, DNS.
- I get a pipe to the world.
- I pay for my own bandwidth based on the plan the ISP provides me.

If I have a usage limit, and I exceed it due to a worm infection, it's MY
problem. No one else's.  I'm responsible for the security aspect of my own
personal computers.  Note the list of things above. I haven't paid for a
managed circuit, with warnings after unusual activity, I haven't paid for a
filtering service to filter by port for traffic that might be
suspicious... so how is this not cut-and-dried?

The ISP provides me with service, and puts a meter on it, and they bill me
by the byte, or whatever - that's the service they're providing, I'm not
expecting to be billed for 'certain types of traffic' - I have a pipe, I'm
using that pipe, and I pay for what travels down it.

Any 'overusage' or unusual spikes in bandwidth usage are mine to handle -
that's part of the risk of purchasing this service.  If you want the
provider to give you a solution which includes circuit monitoring, content
filtering and other such things - then by all means make sure that's
specified in the terms of service before you sign the dotted line.

This all seems so simple to me - I simply don't understand how I can blame
my ISP when my Windows machine gets a trojan on it and starts spitting out
emails - whether 0 day or otherwise, it's my problem, because *I* decided
to take the (calculated) risk of putting that box online. (in whatever
state - current, or not, firewalled or not, etc..).

You can mitigate that risk through various factors - firewalls, Antivirus,
WindowsUpdate, Alternative OSs... these all modify or change the risks
involved but my ISP hasn't been involved in the calculation of this risk -
so how can they be involved in accepting the responsibility for that
risk?!?

Mark.
(Apparently I share a name with someone else on NANOG.  So I'm not him...
and he's not me :))

