Eventually all the bad customers end up with the same ISP, then
filtering is as easy as running loose uRPF and filtering on their AS on input.
And that's why we can all safely dump anything from aol.com into /dev/null,
right? ;)
Rob Nelson
[EMAIL PROTECTED]
* [EMAIL PROTECTED] (Owen DeLong) [Sun 13 Jun 2004, 18:38 CEST]:
I'd much rather see the people who don't pay for security get
disconnected when abuse spews forth from their network. Then, they
should have to clean up their site and pay a cleanup fee to get
reconnected.
... To their new
8 to 10 years ago the discussions were dominated by Karl D(1),
where *everything* was defined as to whether is was actionable or not.
Googling for Karl Denninger and actionable only gets 30 hits
but, oh the nostalgia of it all...
Check out http://www.denninger.net to see that he is still
Niels Bakker wrote:
... To their new ISP, which they will very likely move to, after getting
disconnected one time too many by their old one?
After round three, this will have changed the current setup how? (Except
that the then-negligent ISPs have ended up with all the income.)
Eventually all
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [Mon 14 Jun 2004, 12:20 CEST]:
Check out http://www.denninger.net to see that he is still
alive and kicking and protesting one thing or another.
Would you buy an anti-spam solution from a man that requires the
inclusion of certain keywords in the subject
Wow he has changed and toned down a lot from those
days
-Henry
--- [EMAIL PROTECTED] wrote:
8 to 10 years ago the discussions were dominated
by Karl D(1),
where *everything* was defined as to whether is
was actionable or not.
Googling for Karl Denninger and actionable only
gets 30
No... The negligent ISPs end up with all the abusing customers and have a
hard time getting transit themselves. Eventually, you end up with two
internets... One run by and for the abusers and negligent, one for everyone
else. I have no problem with that.
Owen
pgpRbSMzhv6Mo.pgp
Description: PGP
- Original Message -
From: Adi Linden [EMAIL PROTECTED]
Clean internet is more than just valid IP datagrams to my IP address. If I
connect to my ISP and do nothing beyond that, not a single packet, I
expect to not receive any packets either. If I initiate a GET request to a
web
- Original Message -
From: Adi Linden [EMAIL PROTECTED]
if I send an ISP reasonable proof that a
broadband customer hits my mailserver with thousands of emails an hour I
should be able to expect an immediate response. Not hours, days or weeks,
minutes and the originating account
Owen DeLong wrote:
No... The negligent ISPs end up with all the abusing customers and have a
hard time getting transit themselves. Eventually, you end up with two
internets... One run by and for the abusers and negligent, one for everyone
else. I have no problem with that.
There should be a
A response doesn't mean the ISP doesn't also investigate. Reasonable proof
is reasonable proof. The logs are a good start, but, the ISP should review
his own logs, and, check the currently active traffic patterns too. If
there
isn't any evidence, the ISP shouldn't shut the customer down. If
* [EMAIL PROTECTED] (Petri Helenius) [Mon 14 Jun 2004, 13:07 CEST]:
Niels Bakker wrote:
... To their new ISP, which they will very likely move to, after
getting disconnected one time too many by their old one?
After round three, this will have changed the current setup how?
(Except that the
Niels Bakker wrote:
Except that the majority of people may have ended up at such ISPs (note
plural). Can you afford not to talk to them?
Majority of people living in bad neighborhoods would be news. I´ll take
sides if that happens.
For how long did you stick with just UUCP after SMTP entered
On Monday 14 June 2004 21:35, Petri Helenius wrote:
Niels Bakker wrote:
Except that the majority of people may have ended up at such ISPs (note
plural). Can you afford not to talk to them?
Majority of people living in bad neighborhoods would be news. I´ll take
sides if that happens.
For
On Mon, 14 Jun 2004, Paul S. Brown wrote:
On Monday 14 June 2004 21:35, Petri Helenius wrote:
Niels Bakker wrote:
Except that the majority of people may have ended up at such ISPs (note
plural). Can you afford not to talk to them?
Majority of people living in bad neighborhoods
Niels Bakker wrote:
Except that the majority of people may have ended up at such ISPs (note
plural). Can you afford not to talk to them?
For how long did you stick with just UUCP after SMTP entered the scene?
* [EMAIL PROTECTED] (Christopher L. Morrow) [Mon 14 Jun 2004, 23:35 CEST]:
I
i support four sites uucp over tcp, and i don't really know why
they want it. i support one with good old-fashioned dial-up
pots uucp.
randy
On Mon, 14 Jun 2004, Niels Bakker wrote:
Niels Bakker wrote:
Except that the majority of people may have ended up at such ISPs (note
plural). Can you afford not to talk to them?
For how long did you stick with just UUCP after SMTP entered the scene?
* [EMAIL PROTECTED] (Christopher
...
If we give some people an option to opt-out, most grandmothers will
probably follow Paul's example and save the few bucks every month and not
use the security features. Should ISPs charge for security like the
Universial Service Fund fee on your telephone bill, everyone (not just
The better analogy is what happens when you leave your oven on for 8 days
straight? Assuming your house doesn't burn down, should you have to pay the
electric bill for those 8 days? Hell yeah. It's impossible to separate what
was legit energy use and what was from the oven, and it's not
--On Saturday, June 12, 2004 1:17 PM -0500 Adi Linden [EMAIL PROTECTED]
wrote:
That's like saying provide safe electricity. If someone has a toaster
where the wire cracks and they electrocute themselves, or a hair dryer
that isn't safe in the bathtub, do you complain that the electric
company
On Sun, Jun 13, 2004, Adi Linden wrote:
The reason this isn't economical today is because ISP lack any
responsiblity. It is cheaper for an ISP to buy more bandwidth and pass the
worms and viruses customers PCs spew to the internet than it is to deal
with the problem. Seriously, if I send
I'd much rather see the people who don't pay for security get disconnected
when abuse spews forth from their network. Then, they should have to clean
up their site and pay a cleanup fee to get reconnected.
Perhaps what is needed is a reporting agency, similar to the credit
reporting
agencies,
[EMAIL PROTECTED] (Owen DeLong) writes:
Perhaps what is needed is a reporting agency, similar to the credit
reporting agencies, where ISPs can register chronic problem-customers.
Eventually, your internet credit rating deteriorates to the point that no
ISP will offer you service.
it is with
The reason this isn't economical today is because ISP lack any
responsiblity. It is cheaper for an ISP to buy more bandwidth and pass the
worms and viruses customers PCs spew to the internet than it is to deal
with the problem. Seriously, if I send an ISP reasonable proof that a
And that is a problem. Unlike your electricity, where the supplier has an
obligation to provide a certain level of clean energy, there is nothing
like it with internet bandwidth. All the crud and exploits are dutyfully
forwarded to the customer.
Clean internet service is internet service that
[EMAIL PROTECTED] (Adrian Chadd) writes:
... I WANT my ISP to require more than just some third party saying
holy crap, someone's spitting out crap at me. Suspend!. Obviously you've
not been handed Norton Personal firewall logs which CONCLUSIVELY PROVE,
as far as the user is concerned, that
Paul,
Actually, credit agencies don't have a single standard for what
bad is; they are obligated to only keep factual data (as can
be best determined) in the files. When you cause a credit
report to be checked, one or more algorithms are used to
score your credit, but the
:
: My arguments are in respect to broadband connections to homes and offices
: without IT department, firewalls or cluefulness. If you own your own IP
: space you'd be considered an ISP, buying transit rather than broadband
: home DSL. What the physical wire looks like the service is delivered
As I said earlier in private mail to John, I think this will only work if
the reporting is done on indivuduals, not companies. For non-corporate
business entities, the president of the company should be used as a stand-in
for the company. For corporate business entities, the CEO or chairman of
[edited to fix top posting; snipped for bandwidth]
John Curran wrote:
At 4:50 PM + 6/13/04, Paul Vixie wrote:
[EMAIL PROTECTED] (Owen DeLong) writes:
Perhaps what is needed is a reporting agency, similar to the credit
reporting agencies, where ISPs can register chronic
My arguments are in respect to broadband connections to homes and offices
without IT department, firewalls or cluefulness. If you own your own IP
space you'd be considered an ISP, buying transit rather than broadband
home DSL. What the physical wire looks like the service is delivered on
Or, go see the movie Super Size Me - you might just give up McDonald's
entirely, reducing your risk of burns from their overheated coffee. :)
Haven't been in one on over 2 years - and not through any great principal, I
just stopped. Odd how our tastes change with age ;-)
Peter
On Sat, 12 Jun 2004, Paul Vixie wrote:
in any other industry, you (the isp) would do a simple risk analysis
and start treating the cause rather than the symptom.
What other industry do you know where you are expected to fix products
you didn't sell and didn't cause for free? Should we revoke
- Original Message -
From: Randy Bush [EMAIL PROTECTED]
To: Jonathan Nichols [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, June 11, 2004 3:32 PM
Subject: Re: Points on your Internet driver's license (was RE: Even you can be hacked)
http://lawandhelp.com/q298-2.htm
while i
Sean Donelan wrote:
and you would certainly not offer your services without a clear idea of how
to reach the customer and assist them in getting out of cyberjail --
Done. Effectiveness?
If you do this and keep them there until they are fixed, your network
should qualify as a good
Been there, done that. Got any new ideas?
Provide a safe network connection. I believe an ISP should provide a safe
environment to play, assuming the customer is innocent granny. Your
average DSL network connection should be safe by default, so a default
Win98 (or any other OS) can be
On Saturday 12 June 2004 14:53, Adi Linden wrote:
Been there, done that. Got any new ideas?
Provide a safe network connection. I believe an ISP should provide a safe
environment to play, assuming the customer is innocent granny. Your
average DSL network connection should be safe by
- Original Message -
From: Adi Linden [EMAIL PROTECTED]
Provide a safe network connection. I believe an ISP should provide a safe
environment to play, assuming the customer is innocent granny. Your
average DSL network connection should be safe by default, so a default
Win98 (or any
Maybe I'm a little slow on the draw, but I've just now realized
that we've come full circle, in a strange sort of way.
8 to 10 years ago the discussions were dominated by Karl D(1),
where *everything* was defined as to whether is was actionable or not.
Now the discussions are dominated by many
[EMAIL PROTECTED] (Sean Donelan) writes:
in any other industry, you (the isp) would do a simple risk analysis
and start treating the cause rather than the symptom.
What other industry do you know where you are expected to fix products
you didn't sell and didn't cause for free?
risk
The problem with this is one of who pays for it.
The customer.
You are talking about an environment where the newcomers and non-experts
require significantly more intervention in how things are done and what they
can do than the more experienced hands.
I am talking about an environment
That's like saying provide safe electricity. If someone has a toaster where
the wire cracks and they electrocute themselves, or a hair dryer that isn't
safe in the bathtub, do you complain that the electric company should
provide safe electricity?
The problem with all the comparisions is
Adi Linden wrote:
To compare this with the electricity company, the average home with a
200A
service is equivalent to NATed and firewalled internet bandwidth. As your
electricity demands grow (for whatever reason) the electricity company
upgrades your service, to 3 phase, 600V, whatever. Same
If we would properly follow the analogy above, ISPs should provide a
security fuse which would disconnect the user when blown. Paul called
this cyberjail if I follow his thoughts. All efforts above this should
be charged separately or be part of better general level of service.
You can
So you claim even the ISPs you ran yourself have never attempted to do
any of these things?
the last access-side isp i had anything to do with running used uucp and
shell and was just getting going on c-slip when i pushed off. (i assure
that any rmail or rnews spam was grounds for suspension
To compare this with the electricity company, the average home with a 200A
service is equivalent to NATed and firewalled internet bandwidth. As your
electricity demands grow (for whatever reason) the electricity company
upgrades your service, to 3 phase, 600V, whatever. Same with internet
On Sun, 13 Jun 2004, Paul Vixie wrote:
If you didn't do them, why do you think other people should?
so you aren't going to google for chemical polluter business model, huh?
I hope you also google for Nonpoint Source Pollution.
ISPs don't put the pollution in the water, ISPs are trying to
On Sun, 13 Jun 2004, Paul Vixie wrote:
If you didn't do them, why do you think other people should?
so you aren't going to google for chemical polluter business
model, huh?
I hope you also google for Nonpoint Source Pollution.
ISPs don't put the pollution in the water, ISPs are
On Sat, 12 Jun 2004, Paul Vixie wrote:
Send me your root passwords. Trust me.
you should offer this service. most of us would urge our parents'
generation to sign up for it. (i hope you weren't joking.)
As you keep pointing out, a problem with current Internet security is
its opt-in
so you aren't going to google for chemical polluter business model, huh?
I hope you also google for Nonpoint Source Pollution.
ISPs don't put the pollution in the water, ISPs are trying to clean up
the water polluted by others. ISPs are spending a lot of money cleaning
up problems
[EMAIL PROTECTED] (David Schwartz) writes:
ISPs don't put the pollution in the water, ISPs are trying to clean up
the water polluted by others. ISPs are spending a lot of money cleaning
up problems created by other people.
ISPs do put the pollution in the water. They own/run the
On Fri, 11 Jun 2004, David Schwartz wrote:
generated by a worm. The ISP had an obligation to stop this traffic with
filters or customer disconnection. They may or may not have complied with
their obligation. Either way, it's hard to see why the customer should pay
for traffic the ISP did not
we americans do not readily accept responsibility for our
[in]actions. we sue for being hit by a baseball while
attending a game. we sue for spilling hot coffee on
ourselves. we sue when we walki into open trenches and
manholes. and we self-righteously torture, commit war
crimes, and murder,
If your child borrows your credit card, and makes lots of unathorized
charges, you may not have to pay more than $50; but the bank can go after
your son or daughter for the money. Most parents end up paying, even if
they didn't authorize their children to use the credit card.
So the credit
Scalable bandwidth is not new and is charged for, what
is the issue about that?
If the network is compromised and it is on the client
end, that is what business insurance is for, so that
everyone gets their's (payments, otherwise other types
of arrangements need to be made, according to the
attending a game. we sue for spilling hot coffee on
ourselves.
http://lawandhelp.com/q298-2.htm
Interesting reading on that whole woman sues for spilling hot coffee on
herself story. Sometimes there's a LOT more to the tale. :)
http://lawandhelp.com/q298-2.htm
while i am no fan of macdonalds, and a good case is made for
their negligence, perhaps you should follow the advice at the
bottom of that web page
The most important message this case has for you, the
consumer, is to be aware of the potential danger
Randy Bush wrote:
http://lawandhelp.com/q298-2.htm
while i am no fan of macdonalds, and a good case is made for
their negligence, perhaps you should follow the advice at the
bottom of that web page
The most important message this case has for you, the
consumer, is to be aware of the
[EMAIL PROTECTED] (Sean Donelan) writes:
...
Why do so many people ignore their ISP when told about problems with
their computer? My computer can't be infected, I have a firewall.
in any other industry, you (the isp) would do a simple risk analysis
and start treating the cause rather than
alas. on the internet, nobody knows you're a dog.
http://www.nettime.org/Lists-Archives/nettime-l-0405/msg00057.html
61 matches
Mail list logo