[Dshield] Commentary on how to deal with infected users who fail to clean up their acts! [Fwd: [NANOG] Even you can be hacked

Roger Buck rog at saas.nsw.edu.au
Sat Jun 12 23:30:20 GMT 2004

Jon R. Kibler wrote:
> Sean Donelan wrote:
>>If you leave your lights on, the electric company will send you a bill.
>>If you leave your faucets running, the water company will send you a bill.
>>If you leave your computer infected, ???
 > Just my $0.02 worth!

Unfortunately, the analogy is not valid for those of us who are paying 
ISP bills based on metered traffic. It also conveniently overlooks the 
fact that _everyone_ is paying a significant 'tax' for unwanted Internet 
traffic: Especially the unwanted traffic generated by most of the recent 
(12-18 months) Internet worms.

The above analogy fails in two main ways:

1. The water company and other utilities only bill you for what you 
_use_ on your side of the meter, whereas ISP's will bill you for what 
they deliver to _their_ side of the meter (firewall): You still pay for 
all the incoming virus traffic no matter how responsibly you configure 
your firewall block/drop rules. For the analogy to work,  turning off 
the lights is not enough - you have to physically disconnect all 
utilities and go live in a cave :)

2. All meter based data charges entail a commercial profit for the ISP - 
The more unwanted traffic that is generated the more profit is generated 
and therefore the less incentive for ISP's to reduce unwanted traffic.

So, for those who believe in the validity of the above advice:

Will the last person to disconnect from the Internet please "turn off 
the light" :)

Just my $0.02 worth.. plus 50% tax for unwanted traffic :)


More information about the list mailing list