I hate to see government get involved in anything, but perhaps some law holding PC owners responsible for SPAM that comes from their unpatched machines AS LONG AS there is ample notification to that user that their machine is compromised. Also, ISP's should be held responsible for allowing unpatched machines to be connected to them and for e-mail to be propagated from their. Sounds like an unfunded "mandate", and it probably is, but there is the concept of "attractive nusaince" in the law now. Again, any law would need to be designed to allow for AMPLE notification to the owner of the offending machine/ISP to allow time for them to fix it. Only then would there be a requirement that their ISP disconnect them or face fines. ----- Original Message ----- From: "william(at)elan.net" <william@elan.net> To: <matt@petach.org> Cc: <nanog@merit.edu> Sent: Tuesday, February 17, 2004 15:27 Subject: Re: Open, anonymous services and dealing with abuse
On Tue, 17 Feb 2004 matt@petach.org wrote:
Trojaned PCs and zombie proxies relaying spam are like cold sores; they don't kill anyone, they just make things mildly uncomfortable, so we numb them over, and go about our business like normal, even if that includes allowing the infection to spread even further.
If proxies *did* kill, then yes, we'd take them seriously; but anything short of that, and real life tells us we won't take them seriously enough to try to do real research into ultimately stamping them out.
But proxies do "kill" - the trojaned "owned" PCs are and have been for years used to create distributed DoS attacks which can easily kill a site or even smaller network. There is enourmous potential harm to from them and that is in addition to normal everyday less articulated harm because of spam and more that mail servers and other infrastracture is being used for it. ISPs end up paying for all this.
Everybody thinks if its not us, we don't have problem so we dont want to spend anything to fix it - bu its not true, you already are paying for it due to increased cost of operation. The cost of fixing your own network even 50% of other ISPs did it, would in the end be smaller.
-- William Leibzon Elan Networks william@elan.net