Nimda et.al. versus ISP responsibility

From: Luc Pardon (lucp@skopos.be)
Date: 09/27/01

• Previous message: Patrick Andry: "Re: pubdestroyer2001.exe via anonymous FTP?"
• Next in thread: John Campbell: "RE: Nimda et.al. versus ISP responsibility"
• Reply: John Campbell: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Chip McClure: "Re: Nimda et.al. versus ISP responsibility"
• Reply: Ad***, Matt: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Neil Dickey: "Re: Nimda et.al. versus ISP responsibility"
• Reply: Michael B. Morell: "RE: Nimda et.al. versus ISP responsibility"
• Reply: John Oliver: "Re: Nimda et.al. versus ISP responsibility"
• Reply: Rich Puhek: "Re: Nimda et.al. versus ISP responsibility"
• Reply: Dave Salovesh: "RE: Nimda et.al. versus ISP responsibility"
• Reply: UMusBKidN@aol.com: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Mogull,Rich: "RE: Nimda et.al. versus ISP responsibility"
• Reply: ahoward@noerrors.com: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Stephen Villano: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Chad Mawson: "RE: Nimda et.al. versus ISP responsibility"
• Reply: UMusBKidN@aol.com: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Brian Cervenka: "Re: Nimda et.al. versus ISP responsibility"
• Reply: Tony Langdon: "RE: Nimda et.al. versus ISP responsibility"
• Reply: terry white: "Re: Nimda et.al. versus ISP responsibility"
• Reply: Dean Cunningham: "RE: Nimda et.al. versus ISP responsibility"
• Reply: ahoward@noerrors.com: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Smith, Mark: "RE: Nimda et.al. versus ISP responsibility"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <3BB358C6.9281278B@skopos.be>
Date: Thu, 27 Sep 2001 18:50:14 +0200
From: Luc Pardon <lucp@skopos.be>
To: incidents@securityfocus.com
Subject: Nimda et.al. versus ISP responsibility

   I'd like the opinion of the list on the attitude of ISP's versus
worms. It is clear that we're going to see more of this.

  I think we all agree that connecting an unpatched IIS machine to the
open Internet is acting irresponsibly. Most AUP's already prohibit
spamming, port scanning etc. (at least on paper). Why not include
"infection through negligence" as a reason for suspension? Maybe with a
reasonable grace period the first time.

  Problem is that one ISP can't go it alone. If they pull the plug, they
may loose the customer to a less responsible competitor.

  Unlike spammers, most worm victims are "offending" out of ignorance.
Such a provision in the AUP would likely get their attention and maybe
cause a mind shift towards "Unpatched Is Bad (tm)".

  What do you all think ?

  Luc Pardon
  Skopos Consulting
  Belgium

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

---

• Previous message: Patrick Andry: "Re: pubdestroyer2001.exe via anonymous FTP?"
• Next in thread: John Campbell: "RE: Nimda et.al. versus ISP responsibility"
• Reply: John Campbell: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Chip McClure: "Re: Nimda et.al. versus ISP responsibility"
• Reply: Ad***, Matt: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Neil Dickey: "Re: Nimda et.al. versus ISP responsibility"
• Reply: Michael B. Morell: "RE: Nimda et.al. versus ISP responsibility"
• Reply: John Oliver: "Re: Nimda et.al. versus ISP responsibility"
• Reply: Rich Puhek: "Re: Nimda et.al. versus ISP responsibility"
• Reply: Dave Salovesh: "RE: Nimda et.al. versus ISP responsibility"
• Reply: UMusBKidN@aol.com: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Mogull,Rich: "RE: Nimda et.al. versus ISP responsibility"
• Reply: ahoward@noerrors.com: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Stephen Villano: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Chad Mawson: "RE: Nimda et.al. versus ISP responsibility"
• Reply: UMusBKidN@aol.com: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Brian Cervenka: "Re: Nimda et.al. versus ISP responsibility"
• Reply: Tony Langdon: "RE: Nimda et.al. versus ISP responsibility"
• Reply: terry white: "Re: Nimda et.al. versus ISP responsibility"
• Reply: Dean Cunningham: "RE: Nimda et.al. versus ISP responsibility"
• Reply: ahoward@noerrors.com: "RE: Nimda et.al. versus ISP responsibility"
• Reply: Smith, Mark: "RE: Nimda et.al. versus ISP responsibility"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > incidents  > 2001-09