If they sell routing services, they must only route for source addresses they control.
They are not looking at the content of the packets but at the envelope (headers). This
is where they, like other common carriers, are responsible. When a telephone company
sets up a long distance call, it is responsible that the Caller ID is either correct
or blank. But they can't let it be for an exchange that they don't run.
If the ISP allows non-standard practices (and now with RFC, egress filtering is
recommended standard), then it is responsible for illegal use of its practices. To be
covered by common-carrier laws, one has to follow standard common carrier protocols.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Paul D. Robertson
Sent: Friday, June 08, 2001 20:06
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: This is a must read document. It will freak you out
On Fri, 8 Jun 2001 [EMAIL PROTECTED] wrote:
> When the fist ISP looses a $10 million lawsuit becuase it didn't do egrees
> filtering and its servers were used for a DDoS attack, then egress filtering
> will become standard.
> But who is willing to start the suit?
That's actually a difficult suit to try to bring:
1. Most ISPs aren't the one with server problems, their customers are, so
that's not the transit provider's fault.
2. While the "Common Carrier" status hasn't been fully fleshed out,
anything *other* than CC status for ISPs will make them lawsuit central,
and that's so dangerous a precedent that it'd kill most Tier-2 providers.
3. If the originating ISP isn't your ISP, then they're simply handing
frames to your ISP, who's the one responsible for delivering them to you.
Since that's what you contracted for, and the ISP isn't the cause of the
traffic, it's a difficult one to win.
The attacker is the guilty party here, and blaming the victim might seem
fun- but "she was asking for it, she was wearing a short patch kit"
doesn't sit well with me.
The first time anyone gets a good civil judgement against somone for not
securing their servers, all the ambulance chasers will become packet
chasers. I doubt many of us will be out celebrating after that happens.
Now, sue the people causing the attacks in civil court for attacking
innoncent victims, and you've got a precedent I can live with.
If instead of getting chatty with them trying to play supersleuth, Gibson
had fired up a lawyer with a couple of subpoenas and gotten the kids and
their parents into a courtroom his story would have been more compelling.
By this time, surely he can show losses and interruption of interstate
commerce enough to have even gotten the Feds to help out.
Paul
-----------------------------------------------------------------------------
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
