Even you can be hacked

Owen DeLong owen at delong.com
Thu Jun 10 21:38:29 UTC 2004



--On Thursday, June 10, 2004 11:11 -0700 Mark Kent 
<mark at noc.mainstreet.net> wrote:

>
>>> But ultimately, _you_ are responsible for your own systems.
>
> When I detect abusive behavior coming from a customer site then
> it is my responsibility to make sure that doesn't affect the
> rest of the world.
>
To some extent, yes.  I agree that his ISP should have shut him down
much earlier than they did, but, I suspect this guy would be pretty
unhappy about that, too.

> Also, if I know how to fix it at source and the customer doesn't know
> then it's my responsibility to make sure the customer has the tools
> and resources to fix it.  How fast it gets fixed is not a primary
> concern because of the previous paragraph.
>
I'm less convinced of this.  Certainly, it's the nice thing to do, but, I'm
not convinced you have any responsibility.  It's what I would do.  It's
the neighborly thing to do.  It's the good customer service thing to do.
All of those things put it in a very different context than "I have a
responsibility".

> Parallels to fire/water/electricity/etc. don't quite work
> because there is a big difference between the worm that came
> out yesterday and the National Electrical Codes that came out
> last century.
>
Yes and no.  If a customer starts dumping dirty power onto the electric
grid, believe me, it will cause problems for other customers almost
as quickly (although over a smaller area) as yesterday's worm.  If
the sanitary sewer develops a clog at the end of the street, it is
the neighbor at the bottom of the hill that will suffer when the
neighbor at the top of the hill flushes.

The analogies at least work in terms of who has responsibility for
fixing the machine.  It is not your responsibility to fix your customer's
machine unless that is an additional service they have contracted you
for.  I don't want my ISP telling me how to run my machine, nor do I want
them controlling what packets I do and don't receive.  Customers who do
want those services should be able to find ISPs that offer them as a
value add.  I don't want them, and I would be angered if they were dictated
to me.

Owen




-- 
If this message was not signed with gpg key 0FE2AA3D, it's probably
a forgery.