Even you can be hacked

Andy Dills andy at xecu.net
Thu Jun 10 21:09:14 UTC 2004


On Thu, 10 Jun 2004, Laurence F. Sheldon, Jr. wrote:

>
> Jeff Shultz wrote:
>
>
> > But ultimately, _you_ are responsible for your own systems.
>
> Even if the water company is sending me 85% TriChlorEthane?
>
> Right.  Got it.  The victim is always responsible.
>
> There you have it folks.

Change the word "victim" to "negligent party" and you're correct.

Ignoring all of the analogies and metaphors, the bottom line is that ISPs
are _not responsible_ for the negligence of their customers, and that ISPs
are _not responsible_ for the _content_ of the packets we deliver. In
fact, blocking the packets based on content would run counter to our sole
responsibility: delivering the well-formed packets (ip verify unicast
reverse-path) where they belong.

Remember, we're service providers, not content providers. Unless your AUP
or customer contract spells out security services provided (most actually
go the other way and limit the liability of the service provider
specifically in this event), then your customers have to pay you to secure
their network (unless you feel like doing it for free), or they are
responsible, period.

As far as I'm concerned, that guy would have a better shot at suing
Microsoft then challenging his bandwidth bill.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---



More information about the NANOG mailing list