I have begun advocating in favor of 'progressive discipline' for ISP customers harboring infections- first, notification; second, a 'time-out'; third, disconnect. Basically we need to look at this as quarantining infected sites so they don't spread the germs and put larger portions of the net populace at risk. John Campbell Security Engineer Washington School Information Processing Cooperative (WSIPC) jcampbellat_private -----Original Message----- From: Luc Pardon [mailto:lucpat_private] Sent: Thursday, September 27, 2001 9:50 AM To: incidentsat_private Subject: Nimda et.al. versus ISP responsibility I'd like the opinion of the list on the attitude of ISP's versus worms. It is clear that we're going to see more of this. I think we all agree that connecting an unpatched IIS machine to the open Internet is acting irresponsibly. Most AUP's already prohibit spamming, port scanning etc. (at least on paper). Why not include "infection through negligence" as a reason for suspension? Maybe with a reasonable grace period the first time. Problem is that one ISP can't go it alone. If they pull the plug, they may loose the customer to a less responsible competitor. Unlike spammers, most worm victims are "offending" out of ignorance. Such a provision in the AUP would likely get their attention and maybe cause a mind shift towards "Unpatched Is Bad (tm)". What do you all think ? Luc Pardon Skopos Consulting Belgium ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 11:01:05 PDT