This will be my last post on this issue. In this case: 1) Almost certainly the traffic was due to a worm. 2) Almost certainly the ISP knew (or strongly suspected) the traffic was due to a worm. 3) Quite likely, the ISP never carried most of the traffic to its destination. Once they knew it was worm traffic, they were probably filtering by port. 4) The ISP should not have carried the attack traffic, if they actually did. Doing so is negligent and creates additional innocent victims. Maybe they would give their customer a short time to straighten things out, but that's it. 5) An ISP should not be paid for traffic they only carried out of their own negligence. This doesn't negate the customer's responsibility to anyone but the ISP and only if the ISP is actually negligent, not just the customer. Yes, given the facts we know, it's possible that the ISP really does deserve to be paid, this traffic wasn't due to a worm, or there was no way the ISP could be sure. However, far more likely, the facts are as I state them above. So why does everyone think the ISP is almost certainly entitled to be paid? Is it because they're ISPs? Is it because it's easy to blame someone else? DS