: : My arguments are in respect to broadband connections to homes and offices : without IT department, firewalls or cluefulness. If you own your own IP : space you'd be considered an ISP, buying transit rather than broadband : home DSL. What the physical wire looks like the service is delivered on : really doesn't matter. : : If I see your ip space bombarding my mail server I can trace its origin. I : can contact you and request to fix the problem. If you ignore me, refuse : to fix the problem I can contact your upstream. Your upstream should then : have a repsonsiblility to resolve the issue including suspension of : service if my claims are valid and breach AUP. : : Adi : : : I don't understand why you single out the SOHO and individuals as being in need of control when I read on many lists, the IT departments of many very large networks continually post their reasons NOT to keep their systems up to date with patches, etc. What ISP would DARE to terminate or suspend their service? A forinstance, a recent worm invasion took down several airline reservations systems. Took down several Air Traffic Control Servers. This is not to mention compromises attributable to many large university systems. These are problems that the IT departments were made aware of well in advance but did not act to secure their own systems. Who do you blame here? What ISP would DARE to suspend their service, demand a fine, and require a system/network audit before restoring service? What this means that all this diatribe, finger pointing, blame someone else conversation is just that, conversation. Until the TCP/IP stack is reinvented to prevent spoofing, and senders are positively, quickly and reliably tracked down, the responsibility to secure your own network is your responsibility and none other. I notice no one is blaming the person/persons who propagate these compromises whether by intent or by error. And there are those who defend protecting the "home turf" but I consider that negligence and ludicrous. One must choose whether to have their computers and networks sitting out in the front yard with access to all, or keeping them not only inside, but even in a secure location inside. There are those that feel that an unsecured system is anybody's target without risk, and there are those who feel their children should be allowed to play unsupervised anywhere without risk. My suggestion is to do a reality check and assume responsibility where you can.