Security Incidents mailing list archives

RE:Nimda et.al. versus ISP responsibility ---> a few thoughts

From: Marc Ducharme <MDucharme () ViaNovus com>
Date: Thu, 27 Sep 2001 11:34:23 -0700

This is only one aspect of the problem. 

People who create and distribute these should be brought to justice. It is
really a form of cyber-terrorism and should be punished the same way as
people who place bombs. Granted, there is less violence, but the intent is
the same.

Ultimately, MS has a large share of responsability when they release
software that can be exploited in such a fashion. We need some
accountability here. 

I also think that ISPs could react to protect their clients when worm
spreads. Adding a few lines to their routers to block a worm's profile
should not be a big deal. 


Marc Ducharme 
IT consultant







   I'd like the opinion of the list on the attitude of ISP's versus
worms. It is clear that we're going to see more of this.

  I think we all agree that connecting an unpatched IIS machine to the
open Internet is acting irresponsibly. Most AUP's already prohibit
spamming, port scanning etc. (at least on paper). Why not include
"infection through negligence" as a reason for suspension? Maybe with a
reasonable grace period the first time. 

  Problem is that one ISP can't go it alone. If they pull the plug, they
may loose the customer to a less responsible competitor.

  Unlike spammers, most worm victims are "offending" out of ignorance.
Such a provision in the AUP would likely get their attention and maybe
cause a mind shift towards "Unpatched Is Bad (tm)".

  What do you all think ?

  Luc Pardon
  Skopos Consulting
  Belgium

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com



 


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

RE:Nimda et.al. versus ISP responsibility ---> a few thoughts Marc Ducharme (Sep 27)
- RE:Nimda et.al. versus ISP responsibility ---> a few thoughts Kee Hinckley (Sep 27)
- <Possible follow-ups>
- RE:Nimda et.al. versus ISP responsibility ---> a few thoughts Bill_Royds (Sep 27)
- RE: Nimda et.al. versus ISP responsibility ---> a few thoughts Alejandro Mezcua (Sep 27)