Security Incidents mailing list archives
Re: Attitude problem.
From: "Booth, David CWT-MSP" <dbooth () CARLSON COM>
Date: Mon, 25 Sep 2000 09:09:24 -0500
From: Greg A. Woods [mailto:woods () weird com]
<snip>
Remember that end-user ISPs in general have literally no responsibility for the state of their customer's machines. Of course they must prevent their customers from from doing really bad things, such as sending packets with spoofed addresses, allowing open SMTP relays, etc., but there's not much they can do about a rooted customer box except send a warning to the customer (hopefully "out-of-band" so the cracker can't "deal" with it!).
<snip> I agree, but theres a big problem here.. Joe Q Cracker gets hold of somebodys machine on, for example, the @home network... I as just another sysadmin out there have no point of contact for the admins of that machine apart from the ISP - Theres no way for me to query the ISPs data and find out who owns that account and nor should there be. All I can do is contact the ISP and tell them that one of their customers has a box thats behaving suspiciously and may well be compromised. I HAVE to trust them to pass that warning on and be alert to the behaviour of that machine. It would go a long way towards improving the reputation of cable modem and other broadband providers if they would at least confirm that they had done this bare minimum. If anything remotely suspicious was coming out of my home LAN I'd hope my ISP would contact me so I can fix it.... After all, my firewall is as good as I can make it but I'd be a fool to consider my machines invulnerable. Thats why I read lists like this one :) Dave.
Current thread:
- Attitude problem. Booth, David CWT-MSP (Sep 22)
- Re: Attitude problem. Greg A. Woods (Sep 24)
- <Possible follow-ups>
- Re: Attitude problem. Booth, David CWT-MSP (Sep 25)
- Re: Attitude problem. f4 (Sep 25)