North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Even you can be hacked
On Jun 10, 2004, at 11:49 PM, David Krikorian wrote:
Sometimes the provider shares the responsibility with the offender.Not a valid comparison. The ISP did not leave the Internet line outside your house, nor have they any responsibility to secure your systems.
In fact, most users would get upset at a provider meddling in their systems.
Similarly, if I'm under an attack that is consuming my bandwidth, I'd expectYou have your router, it gives you stats. And what part is the ISP supposed to do to shut down an attack? Did you pay for the ISP to monitor your line and proactively shut down an attack? Did you give the ISP permission to filter traffic of certain types? If you get /.'ed or run a promotion on your web site and the ISP filters the traffic as an attack, will you be upset?
If I complained to the ISP about the attack, and nothing were done about itIf you ask the ISP to take action and they do not, it is a _TOTALLY_ different story.
Of course, in the original post, the ISP informed the end user of his problem, and even forgave his first month's bill. Wouldn't you say the ISP was being more than nice?
I think one metric of "reasonableness" is how big a surprise the added costThat's a fine metric, but by no means a perfect one.
Many companies have "flash crowds", get /.'ed, run promotions, get mentioned in a blog somewhere, etc., etc., etc. The resulting traffic can be very out-of-profile, but still very wanted.
Nice ISPs call or e-mail the customer and mention this change. But there is no responsibility to do so in any contract I have seen that does not include extra charges for security purposes.
You signed a contract that said you would pay for usage. Therefore you had warning. You are over 18, you are supposed to know what you are doing when you sign a contract. (And if you don't, no one cares anyway. :)Yes, when that responsibility doesn't already belong to someone else who canTake some responsibility.
As for someone else being held accountable, that depends on your definition of "can be held accountable". The worm writers are "accountable" in my book, but they cannot "be held accountable" because they will likely never be caught. (And if they are, no way will they be able to pay.)
Should the ISP have to pay their transit bill while you get to blame a faceless perpetrator? Or do you hold any responsibility and need to pay for the bandwidth your system consumed on the line you agreed to purchase, whether you personally sent the bits or not?