nanog mailing list archives
Re: Points on your Internet driver's license (was RE: Even you can be
From: Paul Vixie <vixie () vix com>
Date: 12 Jun 2004 05:48:32 +0000
sean () donelan com (Sean Donelan) writes:
... Why do so many people ignore their ISP when told about problems with their computer? My computer can't be infected, I have a firewall.
in any other industry, you (the isp) would do a simple risk analysis and start treating the cause rather than the symptom. for example you might offer inbound filtering, cleanup tools and services, and you would put their computer in cyberjail when it was known to be "infected", and you would certainly not offer your services without a clear idea of how to reach the customer and assist them in getting out of cyberjail -- even if it meant rolling a technician. but then you'd have to charge for all that. and in the isp business, you'd have competitors who wouldn't offer it and wouldn't charge for it, and you'd lose business or maybe even go out of business. with the unhappy result being that you just let it happen, which is bad for your customers, and bad for the rest of us on the internet, but not nearly as bad for you (the isp). for you (the isp), every possible cure is worse than the disease. but you don't seem to mind that the rest of us, and your customers, catch various diseases, as long as *you're* ok. feh.
Paul Vixie proposed that people should be required to use personal Co-Lo
^^^^^^^^^^^^^^^^^^(1)
so the co-lo provider has collateral to seize when the customer fails to
^^^^^^^^^^^^^^^^^^^(2)
keep the computer secure.
well, no. i (1) said that people who had personal co-lo boxes in better internet neighborhoods and who could just use their cable or dsl line for web browsing and for access to their personal co-lo box would have less of their e-mail rejected at the far end. and as for (2), i think that anyone who co-lo's a personal box is likely to first learn how to pay enough attention to it that it will not become a malagency for third parties, and that a co-lo operator who only had such customers would be able to charge enough to pay for some monitoring and cleanup and so on; the possibility of seizure is more for the case of deliberate abuse (like ddos'ing an irc server, or sending spam, or hosting spamvertized www) than third party abuse. see <http://www.vix.com/personalcolo/> for more information about all that. and note that i'm broadening it to include smtp-auth/webdav/ftp providers who want to serve basically the same market but without dedicated iron. so if you offer that and havn't told me, then please tell me now.
Would customers complain if ISPs started seizing their computers instead of sending them large bills?
that's so unsequitur that i don't even know how to read it let alone answer.
Should ISP's charge customers cleanup fees to encourage them to keep their computers secure?
yes.
$10 or $100 or $1,000 per incident?
no. there should be a forfeitable deposit, plus an per-incident fee which is mostly to pay for the cost of monitoring and the cost of auditing the host to ensure that it complies with the isp's security policy before it can be reattached. the deposit can be refunded after N years of incident-free behaviour, and should be doubled after each verified incident.
Should it be like points on your Internet driver's license? For the first incident you have to attend 8-hour traffic school, for the second incident in 12 months you have points put on your record and your insurance rates go up. Too many points, and your Internet privileges are revoked.
alas. on the internet, nobody knows you're a dog. -- Paul Vixie
Current thread:
- RE: Even you can be hacked, (continued)
- RE: Even you can be hacked David Schwartz (Jun 11)
- Points on your Internet driver's license (was RE: Even you can be hacked) Sean Donelan (Jun 11)
- Re: Points on your Internet driver's license (was RE: Even you can be hacked) Randy Bush (Jun 11)
- Re: Points on your Internet driver's license (was RE: Even you can be hacked) Jonathan Nichols (Jun 11)
- Re: Points on your Internet driver's license (was RE: Even you can be hacked) Randy Bush (Jun 11)
- Re: Points on your Internet driver's license (was RE: Even you can be hacked) Jonathan Nichols (Jun 11)
- OT Re: Points on your Internet driver's license (was RE: Even you can be hacked) Peter Galbavy (Jun 12)
- Re: Points on your Internet driver's license (was RE: Even you can be hacked) Michael Painter (Jun 12)
- Re: Points on your Internet driver's license (was RE: Even you can be hacked) Adi Linden (Jun 11)
- Re: Points on your Internet driver's license (was RE: Even you can be hacked) Henry Linneweh (Jun 11)
- Re: Points on your Internet driver's license (was RE: Even you can be Paul Vixie (Jun 11)
- Re: Points on your Internet driver's license (was RE: Even you can be Randy Bush (Jun 11)
- Re: Points on your Internet driver's license (was RE: Even you can be Sean Donelan (Jun 12)
- Re: Points on your Internet driver's license (was RE: Even you can be Petri Helenius (Jun 12)
- Re: Points on your Internet driver's license (was RE: Even you can be Adi Linden (Jun 12)
- Re: Points on your Internet driver's license (was RE: Even you can be Paul S. Brown (Jun 12)
- Re: Points on your Internet driver's license (was RE: Even you can be Adi Linden (Jun 12)
- Re: Points on your Internet driver's license (was RE: Even you can be Geoincidents (Jun 12)
- Re: Points on your Internet driver's license (was RE: Even you can be Mark Kent (Jun 12)
- Re: Points on your Internet driver's license (was RE: Even you can be Michael . Dillon (Jun 14)
- Re: Points on your Internet driver's license (was RE: Even you can be Niels Bakker (Jun 14)