-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 27 Sep 2001, Luc Pardon wrote: I agree whole-heartedly with you on this issue. I believe it is the users responsibility keeping their machines patched, up to date, and secure. Whether they are technically minded or not. It is not the ISP's responsibility to police all their users, however, given the high number of infections, and network saturation of bandwidth, something has to be done. Unfortunately, for the ISP's, they would bear the burden of implementing filters (which I disagree with), or suspending accounts of infected users' machines. If a customer is detected as having an infected machine, give em a 24 hour shut-off notice. The ISP also looses money by an infected customer. They need to pay the increased costs of bandwidth, for the infected machines. I think the ISP wins in the long run, getting rid of a few infected users. A vulnerable machine left on the internet, is like leaving your wallet, credit cards, and your front door wide open. Nobody else wopuld do that - and it shouldn't happen here. This also opens up a new door - what to do about the corporate systems on the net which are infected / vulerable? The Gartner group was right. Of course, this is just all my $0.02 Chip McClure - ----- Chip McClure Sr. Unix Administrator GigGuardian, Inc. http://www.gigguardian.com/ - ----- > I think we all agree that connecting an unpatched IIS machine to the > open Internet is acting irresponsibly. Most AUP's already prohibit > spamming, port scanning etc. (at least on paper). Why not include > "infection through negligence" as a reason for suspension? Maybe with a > reasonable grace period the first time. > > Problem is that one ISP can't go it alone. If they pull the plug, they > may loose the customer to a less responsible competitor. > > What do you all think ? -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBO7NpGIxq/3tb9j7EEQI6LwCfSAhkNpvdbSLubufIdNhW+Mm8+bMAoLn/ Oi9C+CE+PXsu6zZW7sctOfdj =2DV+ -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 11:02:29 PDT