Re: Security Absurdity: A long-overdue wake up call

Author	All Replies
Khaine join:2003-03-03 Australia	reply to N O Y B Re: Security Absurdity: A long-overdue wake up call said by N O Y B : Apathy is right. Especially on the part of ISPs that could very easily automate such things as bot detection and automatically shutdown the connection. They could also automate detection and blocking of certain automated types of email address harvesting. Even if you pull the logs from your firewall and send your ISP major offenders nothing is likely to be done. Shutting down the easy to detect high offending bots would go a long ways toward protecting the ignorant computer operator. At least maybe for more the 4 minutes. With all the bots hitting my firewall it’s easy to see how an unprotected computer could be taken control of in a matter of minutes. There are some other things ISPs and corporations need to do as well. Like untying account number and/or login ID from publicly used things such as email address and web space URL, etc. And make all authentication via secure methods, even for SMTP/POP and NNTP, etc. And what happens when a new bot comes out that the ISP doesn't scan for and a customer gets infected and sues the ISP for failure to do its job? You know someone would do it. Currently ISP's are common carriers and don't have any liability for traffic that passes through their network. Buy forcing them to scan users or whatever you could change their legal status and their liability.
Khaine join:2003-03-03 Australia	to forum · permalink · · 2006-05-17 03:52:29 ·
N O Y B St. John 3.16 join:2005-12-15 Forest Grove, OR	said by Khaine : And what happens when a new bot comes out that the ISP doesn't scan for and a customer gets infected and sues the ISP for failure to do its job? You know someone would do it. Currently ISP's are common carriers and don't have any liability for traffic that passes through their network. Buy forcing them to scan users or whatever you could change their legal status and their liability. I don’t think you understand how to detect a bot. You don’t target each specific type. You target by activity. Ex: set up a firewall and start logging unsolicited traffic. Then shutdown the ones that are obviously bots. They are liable if they know of illegal activity and do not take action stop it. You can not provide service to someone knowing they intend to using for conducting illegal activity and claim innocents. It would be like a gun shop selling a gun to a person all the will knowing they intend to us it to commit a crime (armed robbery, murder, etc). There are certain illegal activities taking place on ISP networks by their very on customers and the ISP know it. And I know they know it because I know it too. In the case of bots it does not require scanning all traffic. Bot detection and shutdown is much simpler than that. What I don’t understand is why there are so many in support of the apathetic status quo. Are that many of you actually bot operators and spammers?
	to forum · permalink · · 2006-05-17 13:14:34 ·


Friday, 27-Nov 04:14:19	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF