  Nightshade sic semper tyrannis Premium join:2002-05-26 Salem, OR 1 edit | Liable? The only people who should be liable for DDoS attacks are the people who implement the attack in the first place.
Lawyers I swear, are just plain stupid. | |
|
 |   LiamJunket Premium join:2002-03-03 Ocean City, NJ
·Comcast
1 edit | Re: Liable? said by Nightshade :The only people who should be liable for DDoS attacks are the people who implement the attack in the first place. Lawyers I swear, are just plain stupid. Just another lawyer (Lilian Edwards, an internet lawyer based at the University of Southampton, UK) looking for a way to make more money for the leeches of her so-called profession. -- -- My BLOG My Web Page | |
|
 |   thender2 Glamour Profession Premium join:2004-05-16 Staten Island, NY
| said by Nightshade :The only people who should be liable for DDoS attacks are the people who implement the attack in the first place. Lawyers I swear, are just plain stupid. Telcos should be held liable when someone receives calls from a stalker over their services. They should keep an eye out for sudden call storms that are short but high in frequency.
No. Enough is enough. I don't want authorities to be able to tap my phone without a warrant, I don't want my ISP keeping logs of data on everything I do for two years, I don't want my ISP searching through all of my traffic to determine what they are liable for. I just want my privacy back.  -- The Problem With Music.
Our Rationale
Time to rewrite the DMCA. | |
|
 |  |
 |  Warez_Zealot Rural land of the rising sun
join:2006-04-19 japan
| said by Nightshade :The only people who should be liable for DDoS attacks are the people who implement the attack in the first place. Lawyers I swear, are just plain stupid. I bet he just wants to make money. I bet these laws would also leave the ISP open to some sort of class action suit. This guy is probably out to make money. Like all "good" lawyers.  | |
|
 |   batterup I Can Not Tell A Lie. Premium join:2003-02-06 Netcong, NJ clubs:
·Verizon Online DSL
| said by Nightshade :The only people who should be liable for DDoS attacks are the people who implement the attack in the first place. Lawyers I swear, are just plain stupid. Lawyers smell money and know where it is. The snot-nosed script kiddies only have pimples, ISPs have money. | |
|
  sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Morristown, NJ | Encryption doesn't matter If a machine is spewing a bunch of junk at an IP at full speed to take down some remote host, it really doesn't matter if it's encrypted or not. The source/destination pairs and volume should indicate something nefarious. | |
|
 |   insomniac84
join:2002-01-03 Schererville, IN | Re: Encryption doesn't matter What is the difference between some type of DDOS attack and maxing out your upload and download while using bittorrent? Both cases involve using your connection to its max. | |
|
 |  |   manfmmd Premium join:2003-01-14 Earth clubs:
1 edit | Re: Encryption doesn't matter In one case you are potentially downloading a legal file...on the other side, in a DDOS attack your machine is being used for malicious purposes. I hope you can see the difference.
I think that ISPs should be held liable if they are given reasonable time to mitigate the threat, say 24 hours, and they do nothing. edit: typo | |
|
 |  |  |   insomniac84
join:2002-01-03 Schererville, IN
| Re: Encryption doesn't matter But on volume alone, they can't determine threat. It's also not the ISP's responsibility to run security for your server. 24 hours of a maxed out upload is not proof of anything malicious. If ISPs police malicious computers, then they are going to be pressured to police child porn, copyright violation, the issue of the day, etc. It would be a mess, and ISPs wouldn't have the resources to do it. Plus what if 50 computers are flooding your server with bad traffic to bring it to a halt? No one computer's traffic is causing you harm, it's only the combination of all of them together. They could all have different ISPs. No single ISP would see anything bad or be able to stop the attack. | |
|
 |   swhx7 Premium join:2006-07-23 Elbonia
·RoadRunner Cable
1 edit | It's not necessarily going at full speed from any one machine. The way a DDoS works relies on a lot of clients, but each one can be sending at a moderate rate, and it can still work as a DoS just because there are a lot of them. It just needs to be more than the server can handle. Slashdot blows away small sites regularly with something on the order of 100K hits/hour; with a 1000-member botnet that's only 100 requests each per hour which is nowhere near capacity. It's normal behavior and would not get the attention of even a vigilant ISP. For big sites, heavy-duty servers it takes a lot more, but multiply by 10 or 100 and use more clients and it's still not a big deal.
Another thing the clueless proposer doesn't seem to notice is that the participants in a DDoS aren't necessarily all on the same ISP. The first "D" is for "distributed"; they can be anywhere, and only a fraction on a single ISP.
It's just a dumbass proposal for these and other reasons.
How about this. If it's found that over 90% of the clients in most DDoS attacks run a particular vendor's operating system, make that vendor liable. It obviously sells an OS with poor security!
This is about as reasonable as the lawyer's proposal. | |
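Added example, not part of any post in this thread: a small Python sketch of the vantage-point argument made above by insomniac84 and swhx7, using swhx7's figures (1000 clients at 100 requests/hour each). The ISP names, the per-host alert threshold, the server capacity and the single heavy uploader are assumptions, and all flow records are constructed.

```python
from collections import defaultdict

# Constructed sample data, not measurements. Numbers follow the post:
# 1000 clients at 100 requests/hour each, about 100K hits/hour in total.
VICTIM = "203.0.113.10"          # documentation address (RFC 5737)
ISPS = ["isp-a", "isp-b", "isp-c", "isp-d", "isp-e"]   # hypothetical names
PER_SOURCE_ALERT = 5_000         # assumed per-host alert threshold, req/hour
SERVER_CAPACITY = 50_000         # assumed capacity of a small site, req/hour


def build_flows():
    """Return (source, isp, destination, requests_per_hour) records."""
    flows = [(f"bot-{i}", ISPS[i % len(ISPS)], VICTIM, 100) for i in range(1000)]
    # One heavy but legitimate uploader, spread over many peers.
    flows += [("seeder-1", "isp-a", f"peer-{p}", 400) for p in range(50)]
    return flows


def per_source_alerts(flows):
    """What a per-host volume check sees: total rate per source."""
    totals = defaultdict(int)
    for src, _isp, _dst, rate in flows:
        totals[src] += rate
    return sorted(s for s, r in totals.items() if r >= PER_SOURCE_ALERT)


def per_isp_rate_to(flows, dst):
    """Rate toward one destination as seen from each ISP's own network."""
    seen = defaultdict(int)
    for _src, isp, d, rate in flows:
        if d == dst:
            seen[isp] += rate
    return dict(seen)


def destination_view(flows, dst):
    """Aggregate at the receiving end: total rate and distinct sources."""
    rates = [(src, rate) for src, _isp, d, rate in flows if d == dst]
    total = sum(r for _s, r in rates)
    return {"total": total, "sources": len({s for s, _r in rates}),
            "over_capacity": total > SERVER_CAPACITY}


if __name__ == "__main__":
    flows = build_flows()
    print("per-source alerts:", per_source_alerts(flows))
    print("per-ISP rate to victim:", per_isp_rate_to(flows, VICTIM))
    print("destination view:", destination_view(flows, VICTIM))
```

With these assumed thresholds the per-host check flags only the legitimate uploader, each ISP sees a fraction that stays under the server's capacity, and only the receiving end sees the aggregate exceed it.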
|
 |  Kearnstd Elf Wizard Premium join:2002-01-22 Mullica Hill, NJ | lawyers you have to remember only know enough about computers to type up their lawsuits and hit print. -- [65 Arcanist]Filan(High Elf) Zone: Broadband Reports | |
|
 |  |   RARPSL
join:1999-12-08 Suffern, NY
| Re: Encryption doesn't matter said by Kearnstd :lawyers you have to remember only know enough about computers to type up their lawsuits and hit print. They are not necessarily that competent. All they need know is enough to assign the task to someone with the knowledge (Secretary, Paralegal, Legal Assistant, etc.). In fact even if they had the capability to do it themselves, they often see themselves as too important to "waste" billable time on it and just offload it to a lower cost person (such as listed above). | |
|
 amungus Premium join:2004-11-26 America clubs: | hah that's a good one. why didn't this guy sue Microsoft when XP was released with raw sockets?
...I still laugh to this day that Gibson was so right...
»www.grc.com/dos/intro.htm | |
|
 |   toadlife Premium join:2004-05-03 Coalinga, CA | Re: hah Gibson was in no way right. DoS attacks today have little/nothing to do with RAW sockets in Windows XP. | |
|
 |  |  Necronomikro
join:2005-09-01
1 edit | Re: hah Yes, because it was patched! Microsoft patched it after raw sockets were used to DDOS their site.
Several years after the release of Windows XP, my predictions for the consequences of making raw sockets available in a mass market consumer operating system (see all the pages below) came to pass. In fact, the famous "MS Blast" Internet worm used XP's raw sockets to attack Microsoft themselves!
Microsoft first began blocking XP's raw socket features with the release of their second XP Service Pack (SP2). Then an April 2005 security patch finished the job by completely killing off raw sockets. This final move caused a great deal of frantic running around and arm waving from fringe factions of the PC industry who still adamantly refuse to "get it". If these folks still don't "get it" they're never going to. But I am very pleased that Microsoft finally did, and does.
See ZDNet Story: Microsoft tries to quell TCP/IP 'danger'
Microsoft absolutely hates "taking back" operating system features, and thus breaking compatibility with applications that were using them. So this could NOT have been an easy or casual thing for them to do. I am sure it was only done after a great deal of thought and careful consideration. And it means that raw sockets in XP really WERE causing the huge amounts of trouble I knew they would. | |
|
 |  |  |   toadlife Premium join:2004-05-03 Coalinga, CA
·AT&T Yahoo
| Re: hah said by Necronomikro :Yes, because it was patched! Microsoft patched it after raw sockets were used to DDOS their site. Umm, no. Before RAW sockets were removed, 99% of DoS attacks did not make use of raw sockets. Just because one or two worms used RAW sockets doesn't mean removing it would help stop DoS attacks.
DoS attacks using Windows boxes still happen every day to this day, and they will continue to happen, with or without RAW sockets support.
All Microsoft did was cripple their network stack of Windows XP and force network admins to use a *nix OS to do their network snooping. -- Break yourself from the Windows admin nipple...
»nonadmin.editme.com | |
|
 |  |  |  |  Necronomikro
join:2005-09-01
| Re: hah said by toadlife : All Microsoft did was cripple their network stack of Windows XP and force network admins to use a *nix OS to do their network snooping.
Really? Then how come WINPCAP still works fine on this fully updated box? I can run ethereal just fine... | |
|
 |  |  |  |  |   toadlife Premium join:2004-05-03 Coalinga, CA | Re: hah I wasn't talking about sniffing traffic. | |
|
 |  |  |  |  |  |  Necronomikro
join:2005-09-01 | Re: hah "To look into or inquire about curiously, inquisitively, or in a meddlesome fashion: poke, pry. Informal nose (around). Idioms: stick one's nose into. See investigate, participate/abstain."
Define snooping. | |
|
  Unregistered user
@ua.edu
| I disagree, up to a point I don't think anyone wants ISPs to be snooping through their subscribers' packets, if for no other reason than, as soon as they start doing it to watch for DDoS attacks, someone will come along and demand they do it for something else, and before you know it, ISPs will be forced to scrutinize packets for all sorts of content.
However, ISPs do need to take responsibility for getting zombies on their networks cleaned up or shut down. Get rid of zombies, and you get rid of most DDoS attacks, spam, and phishing scams. In all the time I've had broadband (since March 2000), I've never once received anything in my bill informing me of how I might protect and secure my PC. Not that I needed it, but many people do. Putting info on a Web site is nice, but how many of your subs visit that site? I'm a Comcast sub, and I hardly ever visit their site. Why should I? As for e-mail, I've never used the mailbox they gave me. I use Yahoo and Gmail. That way, when I change ISPs, I can keep the same address. I suspect many other people do the same, so any messages sent out by an ISP never get read. How about just sending out one stinkin' bill insert? Just one is all I ask. Or insert one TV spot in unsold local ad slots telling people they should secure their PCs. This would cost Comcast next to nothing, since these timeslots are unsold already.
And when people report zombies, ISPs have an obligation to tell the sub to clean their machine or get cut off. No, it doesn't make the ISP money, but it's the right thing to do. | |
|
 |  battleop
join:2005-09-28 00000
| Re: I disagree, up to a point "And when people report zombies, ISPs have an obligation to tell the sub to clean their machine or get cut off"
ISPs should be obligated to take care of this kind of traffic. Telcos are not responsible for prank callers but if they are reported to law enforcement and law enforcement comes to the phone company they are obligated to help track down the problem. If reported to ISPs, this should be handled in a timely manner.
I work for a local ISP and most of these reports come to me. I am quick to whack their connection if they don't respond quickly. I also do a lot of preemptive monitoring for such traffic.
I don't understand why mega huge ISPs don't work to kill this stuff quicker. I guess it's because they have mega deep pockets and their fix for the problem is to throw more bandwidth at the problem. These kinds of things cost ISPs money in bandwidth. | |
|
 |  |   Unregistered user
@ua.edu | Re: I disagree, up to a point I think the reason is simply that they don't care. Kicking customers isn't a moneymaking proposition, even though it's good for the ISP's network and the Internet in general. Still, these companies don't see any money in it. | |
|
 |  |  |  battleop
join:2005-09-28 00000 | Re: I disagree, up to a point I have NEVER lost a customer because I disabled their access for a virus or worm. They have almost always thanked us for telling them they had a problem. | |
|
  tickledsomuch
| huh
why not sue the creator of the internet?? If there was no internet, no DDoS | |
|
 |
  AnonDOG
@kaballero.com
| There ISN'T an ISP on the Planet ... Who does not realize that a customer's computer spewing all sorts of nefarious traffic is a liability... NOT because someone might sue... because the customers he services will experience slowdowns and high latency.
There is no reason to hold the average ISP liable for zombies and bots, they will either die the slow death of piss poor service or they will clean up their networks.
When bandwidth costs you money, you conserve it ...
When it doesn't you abuse it and pretend you have a right to it all ...
Bandwidth costs ISPs money. Bandwidth does not cost spammers money. Bandwidth does not cost popup advertisers money.
Anyone can figure out the problem. | |
|
  ph03n1x
join:2003-02-15 Sanford, FL
| Looks like somebody... Looks like somebody went to the Jack Thompson School of Law. Talk about something as if you are an expert and are inherently right, and yet you are completely clueless.
This type of solution would never work. Not only would many people start encrypting traffic, a lot of packet inspection would no doubt cause additional overhead on the networks. | |
|
 |   Maxo Your tax dollars at work. Premium,VIP join:2002-11-04 Tallahassee, FL clubs: | Re: Looks like somebody... *Sigh* Didn't you read the article? He's an expert. | |
|
 Desdinova
join:2003-01-26 Gaithersburg, MD | Turnabout Is Fair Play... I'll agree that the ISP should be held accountable for what their subscribers do when attorneys are held accountable for what their clients do. THAT should be fun to watch...*grin* | |
|
 |   John Galt What...me panic?? Premium join:2004-09-30 Happy Camp
| Re: Turnabout Is Fair Play... said by Desdinova :I'll agree that the ISP should be held accountable for what their subscribers do when attorneys are held accountable for what their clients do. THAT should be fun to watch...*grin*  -- A is A | |
|
  Fatal Vector
join:2005-11-26
2 edits | It strikes me That the problem is actually things like Active X, Java, Javascript and scripting being turned on by default, simply so some site can have motion advertisements, etc (so-called "content").
If these things are turned off in IE, for example, you don't get popups and you don't get drive by downloads (since all these things depend, in the end on exploits of them).
Just an example: Many here have so-called animated avatars, which, because I have all the crap turned off in IE, I don't see jittering, moving hopping, etc, which is all right with me because I find that crap to be annoying, even though, I'm sure, you that use them think they are cool or high tech or something. However, when I use firefox, they are moving and I can't get the frakking firefox to stop running them.
I'm sure I can use adblock or some such, but that's a pain in the ass blocking each one and the point is that I shouldn't have to. WHY can't I just shut the crap off completely? Including the flashing ads, etc on sites without having to hassle with adblock, etc?
If you had to turn on such crap and extensions manually and received an information screen BEFORE the OS would let you turn it on, we'd have a LOT fewer zombies and more alert people because they would be aware of potential problems to begin with.
The reason we have so many problems with phishing, DDoS, bots, spamming etc is that Microsoft insists on treating everyone like a simpleton and making it as easy as they can for Joe and Jane box of rocks. If they were half as clever as they claim to be, they would integrate help pages (that could be globally turned off for those of us with a brain who knew how) when something important, such as active X, is turned ON or OFF, by default, telling you what the consequences of your actions will be, instead of loading the os with a bunch of crap "features" that very few, if any will even use. | |