On Thu, 3 Apr 2003 12:30, Fred Smith wrote: > you may not be familiar with the nimda virus, so i'll give you and > overview of it. it spreads through a hole in an IIS extention, uses an > outrageous amount of bandwidth and effectivley gives anyone root on an > infected machine, via the executables that it places in IIS's scripts > directory.
If you have a million or more customers of which >100,000 are online and active at busy times then one customer can't use any amount of bandwidth that's worth bothering about. When you have 100,000 customers online you can count on some of them being insecure and being actively exploited at any time. You can probably expect about 1000 machines to be compromised at any time. If they all used as much bandwidth as possible then it might be a small problem, but the typical broadband setup of slow upload and fast download generally takes care of that. When you provide ADSL service etc through a number of partners it can be rather difficult to track down who has a particular IP address and then work out how to contact them (hint - many people use a different ISP for email). When an ISP has one permanent employee per 20,000 customers dedicated to tracking such things they can do a good job of it. When they have no employees dedicated to the task and it's something that the network administrators do in addition to their regular tasks it's simply impossible for a large ISP. The only way a big ISP can really control such things properly is to scan all their customers for vulnerabilities and then disconnect them until the vulnerability is fixed. In which case sending them an email won't help. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]