Nightshade
sic semper tyrannis
Premium
join:2002-05-26
Salem, OR
1 edit | Liable?
The only people who should be liable for DDoS attacks is the people who implement the attack in the first place.
Lawyers I swear, are just plain stupid. |
|
sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ | Encryption doesn't matter
If a machine is spewing a bunch of junk at an IP at full speed to take down some remote host, it really doesn't matter if it's encrypted or not. The source/destination pairs and volume should indicate something nefarious. |
|
amungus
Premium
join:2004-11-26
America
clubs: | hah
that's a good one. why didn't this guy sue Microsoft when XP was released with raw sockets?
...I still laugh to this day that Gibson was so right...
»www.grc.com/dos/intro.htm |
|
insomniac84
join:2002-01-03
Schererville, IN | reply to sporkme
Re: Encryption doesn't matter
What is the difference in some type of DDOS attack and maxing out your upload and download while using bittorrent. Both cases involve using your connection to its max. |
|
Unregistered user
@ua.edu
| I disagree, up to a point
I don't think anyone wants ISPs to be snooping through their subscribers' packets, if for no other reason that, as soon as they start doing it to watch for DDoS attacks, someone will come along and demand they do it for something else, and before you know it, ISPs will be forced to scrutinize packets for all sorts of content.
However, ISPs do need to take responsibility for getting zombies on their networks cleaned up or shut down. Get rid of zombies, and you get rid of most DDoS attacks, spam, and phishing scams. In all the time I've had broadband (since March 2000), I've never once received anything in my bill informing me of how I might protect and secure my PC. Not that I needed it, but many people do. Putting info on a Web site is nice, but how many of your subs visit that site? I'm a Comcast sub, and I hardly ever visit their site. Why should I? As for e-mail, I've never used the mailbox they gave me. I use Yahoo and Gmail. That way, when I change ISPs, I can keep the same address. I suspect many other people do the same, so any messages sent out by an ISP never get read. How about just sending out one stinkin' bill insert? Just one is all I ask. Or insert one TV spot in unsold local ad slots telling people they should secure their PCs. This would cost Comcast next to nothing, since these timeslots are unsold already.
And when people report zombies, ISPs have an obligation to tell the sub to clean their machine or get cut off. No, it doesn't make the ISP money, but it's the right thing to do. |
|
tickledsomuch
|  huh
why not sue the creator of the internet?? If there was no internet, no DDoS |
|
pende_tim
Premium
join:2004-01-04
Andover, NJ
 ·ProLog
 ·ViaTalk
 ·Verizon Online DSL
| And I am sure...
And I am sure there will be lots of lawyers available to sue the ISP and lots of lawyers available to defend the ISP- each charging several hundred dollars/hour.
I call this statement a practice builder.
The only thing "liable" here for sure is that the lawyers are "liable" to make a lot of money over this.
--
The difference between genius and stupidity is that genius has its limits. |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
·Comcast
1 edit | reply to Nightshade
Re: Liable?
said by Nightshade  :The only people who should be liable for DDoS attacks is the people who implement the attack in the first place. Lawyers I swear, are just plain stupid. Just another lawyer(Lilian Edwards, an internet lawyer based at the University of Southampton, UK) looking for a way to make more money for the leeches of her so-called profession.
--
--
My BLOG
My Web Page |
|
manfmmd
Premium
join:2003-01-14
Earth
clubs:
1 edit | reply to insomniac84
Re: Encryption doesn't matter
In one case you are potentially downloading a legal file...on the other side, in a DDOS attack your machine is being used for malicious purposes. I hope you can see the difference.
I think that ISP's should be held liable if they are given reasonable time to mitigate the threat, say 24 hours, andthey do nothing.
edit:typo |
|
toadlife
Premium
join:2004-05-03
Lemoore, CA | reply to amungus
Re: hah
Gibson was in no way right. DoS attacks today have little/nothing to do with RAW sockets in Windows XP. |
|
thender2
Glamour Profession
Premium
join:2004-05-16
Staten Island, NY
| reply to Nightshade
Re: Liable?
said by Nightshade :The only people who should be liable for DDoS attacks is the people who implement the attack in the first place. Lawyers I swear, are just plain stupid. Telcos should be held liable when someone receives calls from a stalker over their services. They should keep an eye out for sudden call storms that are short but high in frequency.
No. Enough is enough. I don't want authorities to be able to tap my phone without a warrant, I don't want my ISP keeping logs of data on everything I do for two years, I don't want my ISP searching through all of my traffic to determine what they are liable for. I just want my privacy back. 
--
The Problem With Music.
Our Rationale
Time to rewrite the DMCA. |
|
major marco
Res Firma Mitescere Nescit
Premium
join:2003-02-13
Stepford, CA
clubs:
1 edit | reply to Nightshade
said by Nightshade
Lawyers I swear, are just plain stupid.
:
Don't lump sum the entire profession into the same category as the lone, obviously untech savvy moron proposing ISP liability for DDoS attacks. He obviously has no clue as to what he's talking about.
--
The Toll
|
|
AnonDOG
@kaballero.com
| There ISNT an ISP on the Planet ...
Who does not realize that a customer's computer spewing all sorts of nefarious traffic is a liability... NOT because someone might sue... because the customers he services will experience slowdowns and high latency.
There is no reason to hold the average ISP liable for zombies and bots, they will either die the slow death of piss poor service or they will clean up their networks.
When bandwidth costs you money, you conserve it ...
When it doesn't you abuse it and pretend you have a right to it all ...
Bandwidth costs ISPs money. Bandwidth does not cost spammers money. Bandwidth does not cost popup advertizers money.
Anyone can figure out the problem. |
|
Warez_Zealot
Rural land of the rising sun
join:2006-04-19
japan
| reply to Nightshade
Re: Liable?
said by Nightshade :The only people who should be liable for DDoS attacks is the people who implement the attack in the first place. Lawyers I swear, are just plain stupid. I bet he just want to makes money.. I bet these laws would also leave the ISP open to some sort of class action suit. This guy is probably out to make money. Like all "good" lawyers.  |
|
ph03n1x
join:2003-02-15
Sanford, FL
| Looks like somebody...
Looks like somebody went to the Jack Thompson School of Law. Talk about something as if you are an expert and are inherently right, and yet you are completely clueless.
This type of solution would never work. Not only would many people start encrypting traffic, alot of packet inspection would no doubt cause additional overhead on the networks. |
|
battleop
join:2005-09-28
00000
| reply to Unregistered user
Re: I disagree, up to a point
"And when people report zombies, ISPs have an obligation to tell the sub to clean their machine or get cut off"
ISPs should be obligated to take care of this kind of traffic. Telcos are not responsible for prank callers but if they are reported to law enforcement and law enforcement comes to the phone company they are obligated to help track down the problem. If reported to ISPs, this should be handled in a timely manner.
I work for a local ISP and most of these reports come to me. I am quick to whack their connection if they don't respond quickly. I also do a lot of preemptive monitoring for such traffic.
I don't understand why mega huge ISPs don't work to kill this stuff quicker. I guess it's because they have mega deep pockets and their fix for the problem is to throw more bandwidth at the problem. These kinds of things cost ISPs money in bandwidth. |
|
Unregistered user
@ua.edu | I think the reason is simply that they don't care. Kicking customers isn't a moneymaking proposition, even though it's good for the ISP's network and the Internet in general. Still, these companies don't see any money in it. |
|
Desdinova
join:2003-01-26
Gaithersburg, MD | Turnabout Is Fair Play...
I'll agree that the ISP should be held accountable for what their subscribers do when attorney's are held accountable for what their clients do. THAT should be fun to watch...*grin* |
|
John Galt
Forward, March
Premium
join:2004-09-30
Happy Camp
·CenturyLink
| said by Desdinova :I'll agree that the ISP should be held accountable for what their subscribers do when attorney's are held accountable for what their clients do. THAT should be fun to watch...*grin* 
--
A is A |
|
insomniac84
join:2002-01-03
Schererville, IN
| reply to manfmmd
Re: Encryption doesn't matter
But on volume alone, they can't determine threat.
It's also not the ISPs responsibility to run security for your server. 24 hours of a maxed out upload is not proof of anything malicious. If ISPs police malicious computers, then they are going to be pressured to police child porn, copyright violation, the issue of the day, etc. It would be a mess, and ISPs wouldn't have the resources to do it.
Plus what if 50 computers are flooding your server with bad traffic to bring it to a halt? No one computer's traffic is causing you harm, it's only the combination of all of them together. They could all have different ISPs. No single ISP would see anything bad or be able to stop the attack. |
|
