Even you can be hacked

David Schwartz davids at webmaster.com
Fri Jun 11 02:07:19 UTC 2004



> On Jun 10, 2004, at 2:06 PM, Laurence F. Sheldon, Jr. wrote:

> The "victim" in the case Sean posted knew he had a worm, got some of
> his first bill forgiven, yet did nothing to correct it and acts
> surprised when the same thing happens the next month.  YES, he is at
> fault.  Anyone who thinks differently .. uh .. can I buy b/w from you?
> :)  Oh, and since you feel responsible, I'm only going to pay for the
> amount of traffic I think I should have gotten on my web page, even if
> I get /.'ed or something.  Does $25/Mbps sound good?  I plan to use
> about 1 Mbps, but I will need an un-rate-limited GigE connection.

	It all depends upon what the agreement between the customer and the ISP
says. It's not unreasonable for the ISP to 'insure' the customer against
risks he isn't able to mitigate which the ISP is, even if that means
shutting off his service.

	If someone blows up my water line and $1,000,000 worth of water is wasted,
I don't think the water company is going to expect me to pay for it. This is
especially true if the water company knew about the leak, could have done
something to mitigate it, and failed to do so. Even if that means shutting
off my water, that's what I'd expect them to do, shut it off until someone
fixes it.

	Most of the people on this list see things from the ISP's perspective.
However, step back a bit and see it from the user's perspective. Do you
expect to pay for phone calls you didn't make or do you expect the person
whose deliberate conscious action caused those calls to be made? Do you
expect to be responsible for patrolling your electric lines to make sure
someone hasn't plugged into your outside outlets?

	For most classes of service, it makes the most sense to only charge the
customer for the traffic he wants and have the ISP take the responsibility
for dealing with attacks to the extent they can do so. This is because the
customer can't afford to hire a full-time person to guard his always-on DSL
connection while he's away for two weeks but his ISP can. This may mean that
you're disconnected until they can coordinate with you -- such is life.

	Just be aware, your customers may not have the same expectations you do,
and you should make your understanding *very* clear to your customers in
your contracts.

	DS




