(Taking NANOG out, as this is moving a little towards personal conversation)

On Tue, 21 Jan 2003 16:44:26 -0800 "todd glassey" <todd.glassey@worldnet.att.net> wrote:
Vadim - the instant someone sues a Provider for sexual harassment from their spam epidemic you will start to see things change. The reason that No-Sane provider will block these ports or services is because they have been listening to their Network Admins too long, and in fact the problem is that they are not sane providers. What they are, and this is pretty much true across the board, is people that just don't care what they do to earn a buck, otherwise we would not have these problems, and this is especially true of those Network Operators that push all those billions of bytes of illicit SPAM and throw their hands up and say "What do you expect us to do" - well, the answer is simple. I expect you folks to operate within the law and to cooperate in stopping people who use your services in violation of the laws.
And if the providers out there don't like that - then they should find other businesses.
I think you're *nuts* if you think an ISP should be held entirely accountable for its customers' actions. I'm one of a handful of administrators in a small ISP, and we do our damnedest to ensure that everything runs smoothly. We have a fairly strict AUP that we actually enforce, we do egress filtering (not enough, but we're working towards it), we contact customers that are infected with viruses and worms, and we have *zero* tolerance for script kiddies (usually instant blackholes). IMHO, that is about all you can expect an ISP to do. Have an AUP that incorporates all of your problems (spam, abuse, viruses, etc.), and enforce it.

You can *not* expect the ISP to police absolutely everything that its customers do. You can *not* expect the ISP to be held responsible for three of its fifteen thousand customers browsing child porn. You can *not* expect the ISP to be accountable for its two hundred script kiddies.

You *can* expect the ISP to have an AUP. You *can* expect the ISP to react, and to react quickly. You *can* expect the ISP to co-operate with the proper authorities, if it goes to that level. You *can* expect the ISP to contact and work with (when and where needed) other ISPs to track down and solve problems.

I am a Network Admin, and I am *still* looking for an effective way to block outbound spam from our customers. I spent two months purging all our mail servers of FormMail, and scan them every night for more vulnerable versions. Do you think that I should be sued because one of these slips through the cracks (there's a 24-hour window in which one can be installed and abused), and you get some porn spam? I certainly hope not.

Being able to sue ISPs for their customers' actions is pure insanity, and will just lead to massive ISP shutdown world-wide. However, being able to sue ISPs for *negligence* and for *ignoring* customers' actions is a whole different boat, and I think is an idea worth looking at.

- Damian Gerow, an overworked, underpaid, underappreciated Network Administrator. Strung out on caffeine, because I spent most of last night hashing out some more details on our anti-spamming actions.