[Dshield] Blackworm liability with ISPs?

Chris Wright dshield at yaps4u.net
Thu Feb 2 15:56:14 GMT 2006


So why don't you have dedicated hardware protection on your boundaries to
prevent the nasties from functioning in the first place?  

(But then someone plugs in their laptop after a weekend at home, only to
bring an infected machine onto the internal network).

So why isn't all non-permanent net space hardware protected. (ie. That which
is open for users as opposed to fixed office/residential units etc).

That's a big cost for the average University Network Admin and you don't
exactly generate a revenue from your users, so you rely on education of the
users.

What is the cost in downtime of the network as against prevention?
How many guys like you in the team? (Ok, we could be talking job cuts for
your team here).
How many guys would you require if you had a perfectly clean network
99.9999% of the time?

Regards

Chris



> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of 
> Stasiniewicz, Adam
> Sent: 02 February 2006 15:42
> To: General DShield Discussion List
> Subject: Re: [Dshield] Blackworm liability with ISPs?
> 
> Granted universities are not ISPs in the typical sense, but 
> we still have a large collection of computers for which we 
> don't have direct control over (i.e. res halls).  I am one of 
> the many people who end up having to deal with the multitude 
> of viruses and other random junk that we get from the res 
> halls, and as much as I would like to say we do a good job in 
> cleaning the halls up, I would never want to be held liable 
> for the few computers that I missed.  And quite frankly I 
> think the average American university does a far greater job 
> of protecting their continuants than the average American 
> ISP.  We will use Dshield reports, abuse@ emails, IDS logs, 
> firewall logs, and sandtraps to find as many infected 
> computers as we possibly can, but we will always miss a few.
> Also what about spyware?  Minus the "phone-home" feature on 
> some of them, it is fairly hard to detect them from the 
> network.  I really would not want someone suing me over some 
> spyware which they got on their computer from downloading porn.
> 
> We tell our users how to be safe and offer help in dealing 
> with problems that may crop up.  We also try to detect (from 
> the network) as many infected computers as we can.  But at 
> the end of the day, what the user chooses to do is something 
> we cannot be held liable for.
> 
> Regards,
> Adam Stasiniewicz
> Computer and Communication Services Department Milwaukee 
> School of Engineering
> MSCE: Messaging & Security 2003 
> 
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org [mailto:list- 
> > bounces at lists.dshield.org] On Behalf Of Frank Knobbe
> > Sent: Wednesday, February 01, 2006 6:32 PM
> > To: General DShield Discussion List
> > Subject: [Dshield] Blackworm liability with ISPs?
> > 
> > Greetings,
> > 
> > the recent SANS NewsBites had a mention regarding the 
> current efforts
> to
> > notify ISPs of machines that access the counter the worm uses.
> > 
> > To my amazement, I saw the following quote by Alan Paller:
> > "(Paller): This is a great opportunity to establish a financial 
> > liability precedent for negligence by ISPs and system 
> owners. The ISPs 
> > have several days to inform and protect their customers as 
> does every 
> > other large network owner such as government agencies, academic 
> > institutions and large companies. If you learn of anyone who is 
> > damaged by this
> worm,
> > please connect them with me (paller at sans.org) and we will work
> together
> > to make sure that ISPs and network owners who are in a position to 
> > protect their users understand that not providing such 
> protection will 
> > be considered negligence and carry penalties.]"
> > 
> > Isn't this a bit off-the-wall? Why would ISPs be liable when their 
> > consumers are stupid enough to get themselves infected? (Yes, I call
> it
> > stupid. Anyone who doesn't run AntiVirus software on their PC *and* 
> > blindly clicks on links in email that promise Kama Sutra 
> pictures and 
> > such, I do consider stupid. Not just that, but that *person* can be 
> > considered negligent in regards of their own IT security.)
> > 
> > How can anyone propose that the companies offering Internet 
> access are 
> > to be held liable when the consumers don't use the access, or their 
> > equipment, properly and get infected with viruses? Isn't this like 
> > calling train and other transportation operators liable in the case
> that
> > I catch a fever, or perhaps the avian-flu, by riding a bus 
> to work or 
> > during airplane ride?
> > 
> > Is our litigious society spiraling out of control such that 
> we always 
> > blame someone else?
> > 
> > In email borne worms like these, the breakdown, fault, and 
> liability 
> > lies squarely with the user in my opinion. While 
> vulnerabilities of an 
> > operating system may be blamed on the vendor of such, being tricked
> into
> > performing damaging actions on ones computer clearly is the fault of
> the
> > trickster, but also the executor of such action.
> > 
> > Anyone else having a problem with putting liability on... (/me rolls
> the
> > magic 8-ball...) the ISP?
> > 
> > Regards,
> > Frank
> > 
> > 
> > --
> > It is said that the Internet is a public utility. As such, 
> it is best 
> > compared to a sewer. A big, fat pipe with a bunch of crap sloshing 
> > against your ports.
> 
> 
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of 
> your own couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> 
> _______________________________________________
> send all posts to list at lists.dshield.org To change your 
> subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 



More information about the list mailing list