[Dshield] ISP Responsibity...

Abuse abuse at what4now.com
Sat Aug 20 23:49:31 GMT 2005


** Reply to message from "Clinton E. Troutman" <troutman at mesh.net> on Fri, 19
Aug 2005 21:21:20 -0500

> > On a somewhat different note, it seems to me that a large part of the
> > problem lies with the ISPs. If they would take an active roll in the
> > fight against SPAM and WORMS and Viruses we would be a lot further
> > along.
> > Why can't they unplug machines that they know are infected, 
> 
> Personally, I don't want some random mis/ill/uninformed ISP employee making 
> any attempt to determine what my machines are doing and/or why they are 
> doing it.

In normal use I agree.  But when the ISP receives reports of abuse they need to
stop the abuse and get the machine cleaned up.


> > and 
> > why can't they try to identify infected machines on their networks? 
> 
> Same statement as above...
> Now that doesn't mean that triggers can't be set such that blatantly obvious 
> behavior is flagged; mass email, mass IP scan, etc. These things are 
> usually out of the boundaries of AUP anyway...
> But, I don't want anyone closing in/outbound ports for me for any reason.

I have no problem with an ISP closing a port if there is a way that will not
stop normal web functions from being done.  Blocking port 25 to other email
servers than the ISPs email server does not stop normal email function it just
requires a little configuration change.


> > I certainly don't want to have to wait till our legislators draft some
> > bizarre law to force ISP to do the right thing. 
> 
> Oh marvelous...
> A political entity that is even more mis/ill/uninformed than an ISP employee 
> should draft legislation telling an ISP to tell is clients how to conduct 
> themselves and their hardware/software. This is analogous to the 
> legislators telling me that if I don't monitor access to my house, they 
> will build a fence with concertina wire around my house and charge me for 
> it and not give me the keys to the gate.
> 
> I don't find the idea of ISP Responsibility palatable at all whether the 
> ISP's decide on their own to undertake the task or whether the legislators 
> require the ISP's to undertake the task. 

Someone has to be responsible for the network.  If no one was responsible the
internet would not be as usable as it is.  Almost all ISP have an AUP, the
problem is that some do not enforce it.


> I think, perhaps, that those folks that advocate ISP Responsibility consider 
> the ISP as a point of access concentration where monitoring/control could 
> most easily be accomplished. While true, it addresses the symptom and not 
> the disease.
> 
> The disease is actually the thread that sparked this thread. Stupid Users 
> with always-on broadband connections, no firewall, no AV, no mal/spyware 
> detection/removal, etc...
> But realize these are probably the same folks that drive their cars 
> everyday, put gas in it when necessary, never look at the dashboard, and 
> when it breaks they take it to the mechanic. Well, when their computer 
> "breaks", they take it to the computer mechanic or buy a new one.

Exactly why ISPs need to enforce their AUP and take the compromised machines
offline.


> While there will always be stupid users and users who just don't care, my 
> expectation is that as the computing populace becomes generally more adept 
> and more educated (as the young become old and the old die off), this 
> problem will mitigate itself for the most part. Call it Computer Darwinism 
> if you will...

I am not sure stupidity is the problem, it is ignorance.  MS advertises that
you do not need to know anything to use Windows so you get a lot of people
online that do not have any idea that anything bad could happen.  I put most of
the blame on MS, they should configure Windows so it is secure for the average
no nothing user, but they will not so we have to put up with a lot of zombied
machines.


More information about the list mailing list