Let me toss in my perspective as an "end user"... I would rather have my ISP call me up and say "You've got something on your system that's sending out crap - get it off or lose your connection. Call me back before close of business today and tell me which it's going to be" than to have them implement filters and possibly mess up my connectivity with them. And, in simple point of fact, the above has happened to me. I got caught out with something (don't know what it was, don't care what it was) in late June / early July and got the call above. I took all my local systems off the network, and formatted and reinstalled them, then put data back from backup as needed. I told the ISP when they called what I was going to do, and they were fine with that. So, it took me a weekend of working to get everything back in place, and updated with all the latest patches (including the ones I had missed). Small price to pay to learn what I should have already known, and to keep my connectivity open so that *I* can decide what comes into my network, not someone who I will never see face-to-face. Of course, we all know that "Great Aunt Sadie" will likely not be able or willing to do this, so providing a choice would be great. But make sure the choice is available, please. > -----Original Message----- > From: Adcock, Matt [mailto:Matthew.Adcockat_private] > Sent: Thursday, September 27, 2001 13:57 > To: 'lucpat_private'; incidentsat_private > Subject: RE: Nimda et.al. versus ISP responsibility > > > <quote> > I think we all agree that connecting an unpatched IIS machine to the > open Internet is acting irresponsibly. Most AUP's already prohibit > spamming, port scanning etc. (at least on paper). Why not include > "infection through negligence" as a reason for suspension? Maybe with a > reasonable grace period the first time. > </quote> > > I agree that the end administrator is ultimately responsible. The ISPs > could also help by filtering this traffic. It would take an > infrastructure > upgrade that would end up costing the consumer, but I personally would be > willing to pay a little more. Maybe give users a choice between > being on a > filtered network or an open network? > > > ------------------------------------------------------------------ > ---------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 13:03:03 PDT