Even you can be hacked
Mark Foster
blakjak at blakjak.net
Sat Jun 12 03:17:24 UTC 2004
On Fri, 11 Jun 2004, David Schwartz wrote:
>
>
> This will be my last post on this issue.
>
> In this case:
>
> 1) Almost certainly the traffic was due to a worm.
>
> 2) Almost certainly the ISP knew (or strongly suspected) the traffic was
> due to a worm.
>
> 3) Quite likely, the ISP never carried most of the traffic to its
> destination. Once they knew it was worm traffic, they were probably
> filtering by port.
>
> 4) The ISP should not have carried the attack traffic, if they actually
> did. Doing so is negligent and creates additional innocent victims. Maybe
> they would give their customer a short time to straighten things out, but
> that's it.

Erm..

Forgive me if this is a repeat posting but from what I've seen of this
thread it needs to be stated.

- My ISP provides me with Internet Services.
- I get Authentication, an IP, DNS.
- I get a pipe to the world.
- I pay for my own bandwidth based on the plan the ISP provides me.

If I have a usage limit, and I exceed it due to a worm infection, it's MY
problem. No one else's. I'm responsible for the security aspect of my own
personal computers. Note the list of things above. I haven't paid for a
managed circuit, with warnings after unusual activity, I haven't paid for a
filtering service to filter by port for traffic that might be
suspicious... so how is this not cut-and-dried?

The ISP provides me with service, and puts a meter on it, and they bill me
by the byte, or whatever - That's the service they're providing, I'm not
expecting to be billed for 'certain types of traffic' - I have a pipe, I'm
using that pipe, and I pay for what travels down it.

Any 'overusage' or unusual spikes in bandwidth usage are mine to handle -
that's part of the risk of purchasing this service. If you want the
provider to give you a solution which includes circuit monitoring, content
filtering and other such things - then by all means make sure that's
specified in the terms of service before you sign the dotted line.

This all seems so simple to me - I simply don't understand how I can blame
my ISP when my Windows machine gets a trojan on it and starts spitting out
emails - whether 0 day or otherwise, it's my problem, because *I* decided
to take the (calculated) risk of putting that box online. (in whatever
state - current, or not, firewalled or not, etc..).

You can mitigate that risk through various factors - firewalls, Antivirus,
WindowsUpdate, Alternative OSs... these all modify or change the risks
involved but my ISP hasn't been involved in the calculation of this risk -
so how can they be involved in accepting the responsibility for that
risk?!?

Mark.

(Apparently I share a name with someone else on NANOG. So I'm not him...
and he's not me :))