Re: [RE: Nimda et.al. versus ISP responsibility]

From: Jason Robertson (jasonat_private)
Date: Thu Sep 27 2001 - 13:32:15 PDT

    As I have said before and I will say again and again and again..
    
    Being a former ISP admin (luckily I am not one anymore), I have always been an admin that was 
    quite willing to curtail the clients' abilities for the sake of security.  In my case I did firewall ports of 
    less than 1024, I did run network sweeps for various trojans and for proxy servers, and I did test those 
    proxy servers for vulnerabilities.  And I made sure to place it within the Terms of Use.  Also in our 
    Terms of Use was the content that limited our liabilities for illegal content, or abuse of our 
    systems.  We also added to our firewall one simple rule: all IP packets must contain one of our 
    local IP addresses. This right there eliminated possible spoofs, as well as smurfing, though if I had 
    time I would have placed the rule on the terminal servers instead.
    
    And for people who were vulnerable, they were notified to resolve this problem, and I would give 
    them pointers on where to get what they needed (which was a local website in this case, but damn 
    MS, they almost totally killed this option with Windows Update).
    For people running servers, if they were on low ports I didn't pay attention, mainly because they 
    were ineffective, unless their machines were doing something they shouldn't be doing, like 
    sending out spam, and in this case the account was disabled.
    For people who were attempting to use our network for abuse, the account was disabled, and 
    depending on the type of abuse, would also allow for what type of reaction, such as calling in law 
    enforcement or not.
    
    On 27 Sep 2001 at 15:38, Greg Dotoli wrote:
    
    Date sent:      	27 Sep 01 15:38:28 EDT
    From:           	Greg Dotoli <gdotoliat_private>
    To:             	Matt <Matthew.Adcockat_private>,
    	lucpat_private <lucpat_private>, incidentsat_private
    Subject:        	Re: [RE: Nimda et.al. versus ISP responsibility]
    Mailer:         	USANET web-mailer (53CM.0801.1.09A)
    
    > I am logging IIS and wrote a script to extract from the log the offending IPs
    > and return their DNS names. The number of residential DSL and cable hosts is
    > close to 90%. These worms are thriving in the non-protected home space. There
    > are too many unsafe ISPs.
    > 
    > Greg
    > 
    > 
    > 
    > "Adcock, Matt" <Matthew.Adcockat_private> wrote:
    > <quote>
    >   I think we all agree that connecting an unpatched IIS machine to the
    > open Internet is acting irresponsibly. Most AUPs already prohibit
    > spamming, port scanning etc. (at least on paper). Why not include
    > "infection through negligence" as a reason for suspension? Maybe with a
    > reasonable grace period the first time. 
    > </quote>
    > 
    > I agree that the end administrator is ultimately responsible.  The ISPs
    > could also help by filtering this traffic.  It would take an infrastructure
    > upgrade that would end up costing the consumer, but I personally would be
    > willing to pay a little more.  Maybe give users a choice between being on a
    > filtered network or an open network?
    > 
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service. For more
    > information on this free incident handling, management and tracking system
    > please see: http://aris.securityfocus.com
    
    
    ---
    Jason Robertson                
    Network Analyst            
    jasonat_private    
    http://www.astroadvice.com      
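
The firewall rule described in the message above (every IP packet must carry one of the ISP's own addresses), sketched here as an added example that is not part of the original post. It goes one step beyond the rule as stated by also checking direction; the prefixes, function names and sample packets are constructed, using documentation address ranges.

```python
import ipaddress

# Assumption: the ISP's customer space (constructed, RFC 5737 documentation ranges).
LOCAL_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]

def is_local(addr):
    """True if addr falls inside one of the ISP's own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_PREFIXES)

def stated_rule(src, dst):
    """The rule as worded in the post: one of the two addresses must be local."""
    return is_local(src) or is_local(dst)

def border_verdict(direction, src, dst):
    """Direction-aware form: 'out' leaves the ISP, 'in' arrives from the Internet."""
    if direction == "out":
        # A customer may only send packets sourced from the ISP's own space.
        return "pass" if is_local(src) else "drop: outbound with non-local source"
    if direction == "in":
        # Nothing arriving from outside may claim to come from inside.
        if is_local(src):
            return "drop: inbound claiming local source"
        return "pass" if is_local(dst) else "drop: inbound not addressed to us"
    raise ValueError("direction must be 'in' or 'out'")

# Constructed sample traffic: (direction, source, destination, note).
SAMPLES = [
    ("out", "192.0.2.10", "203.0.113.5", "normal customer traffic"),
    ("out", "203.0.113.99", "203.0.113.255", "forged source toward a broadcast address"),
    ("in", "203.0.113.5", "198.51.100.7", "normal reply traffic"),
    ("in", "192.0.2.10", "198.51.100.7", "outside packet claiming an inside source"),
]

def audit(samples=SAMPLES):
    """Return (note, stated_rule result, direction-aware verdict) per packet."""
    return [(note, stated_rule(s, d), border_verdict(direction, s, d))
            for direction, s, d, note in samples]

if __name__ == "__main__":
    for note, simple, verdict in audit():
        print(f"{note:45} stated_rule={simple!s:5} border={verdict}")
```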
    
    
    



    This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 13:37:30 PDT