Re: Nimda versus ISP responsibility

From: geoff (
Date: 09/27/01

From: geoff <>
Subject: Re: Nimda versus ISP responsibility
Date: Thu, 27 Sep 2001 16:08:40 -0400
Message-ID: <>

On Thu, 27 Sep 2001 10:59:49 -0700 (PDT), Chip McClure <>

>Hash: SHA1
>On Thu, 27 Sep 2001, Luc Pardon wrote:
>I agree whole-heartedly with you on this issue. I believe it is the users
>responsibility keeping their machines patched, up to date, and secure.
>Whether they are technically minded or not. It is not the ISP's
>responsibility to police all their users, however, given the high number
>of infections, and network saturation of bandwidth, something has to be
>done. Unfortunately, for the ISP's, they would bear the burden of
>implementing filters (which I disagree with), or suspending accounts of
>infected users' machines. If a customer is detected as having an infected
>machine, give em a 24 hour shut-off notice. The ISP also looses money by
>an infected customer. They need to pay the increased costs of bandwidth,
>for the infected machines. I think the ISP wins in the long run, getting
>rid of a few infected users.

Interestingly, I believe that we are one of the few ISP's that actually uses a
quarantine method, ie at first sign of infection or other security issue we will
disconnect the customer, notify them via voice, and dispatch a field service
tech to their location if necessary. Of course this has a few issues as well.
One being that I was specifically involved in getting a provision put into our
contracts that we have the right of temporary disconnection without written
notification for up to 15 days, and indefinite once notified. Secondly we have
lost a few customers because of this but I have convinced management to see this
as a net gain citing specifically the costs involved in processing abuse
incidents as well as others (bandwidth savings...). Also this does take up
resources on our end, but we feel its worth it.

>A vulnerable machine left on the internet, is like leaving your wallet,
>credit cards, and your front door wide open. Nobody else wopuld do that -
>and it shouldn't happen here.

While I don't agree with this specific analogy, the sentiment is relatively
close to mine. So no quibble there.

>This also opens up a new door - what to do about the corporate systems on
>the net which are infected / vulerable?
>The Gartner group was right. Of course, this is just all my $0.02

Yes, yes they are. We have made an effort to inform our customers of this and
try hard to convince them to out source things that may require any MS product.

>Chip McClure
>- -----
>Chip McClure
>Sr. Unix Administrator
>GigGuardian, Inc.

BTW: I do not speak for my company....etc.


A UI is about making the computer's power easy to exploit, not about making new users feel comfortable. --

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see:

Relevant Pages

  • Re: Nimda versus ISP responsibility
    ... responsibility keeping their machines patched, up to date, and secure. ... of infections, and network saturation of bandwidth, something has to be ... The ISP also looses money by ...
  • Superworm seizes 9m PCs, stunned researchers say
    ... try to explain this newest Windoze malware away. ... infections in the past four days, bringing the total number of machines ... "This thing has gotten way out of hand," said Paul Ferguson, a security ...
  • Re: RE: Worm attack on our network this morning -- anyone else see this?
    ... The number of infections has stabilized -- only one new ... laptop and then spread to unpatched internal machines. ... World renowned security experts reveal tomorrow's threats today. ... Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations. ...
  • Re: Article: Mac OS fails to interest anyone
    ... spam bot, and by the hundred thousands as well. ... chances are those "hundreds of thousands" of infected machines ... get the infections." ... OS X is not even partially based on FreeBSD - Snit ...
  • Nimda Infections and code red resurgence
    ... Nimda Infections and code red resurgence ... The population of unpatched machines is now sparse enough that it takes ... still worthwhile reporting incidents particularly if they are coming ...