[61594] in North American Network Operators' Group
What if it doesn't affect the ISP? (was Re: What do you want your
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sat Aug 30 14:57:58 2003
Date: Sat, 30 Aug 2003 14:54:22 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <ED3FBD1B-DAB3-11D7-B146-00039388672E@muada.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 30 Aug 2003, Iljitsch van Beijnum wrote:
> Only if it impacts the ISP, which it doesn't most of the time unless
> they buy an unfortunate brand of dial-up concentrators.
Bits are bits, very few of them actually impact the ISP itself. Most
ISPs protect their own infrastructure. Routers are very good at
forwarding bits. Routers have problems filtering bits. Whether it is
spam, viruses or other attacks; its mostly customers or end-users that
bear the brunt of the impact, not the ISP.
The recurring theme is: I don't want my ISP to block anything I do, but
ISPs should block other people from doing things I don't think they
should do.
So how long is reasonable for an ISP to give a customer to fix an
infected computer; when you have cases like Slammer where it takes only
a few minutes to infect the entire Internet? Do you wait 72 hours?
or until the next business day? or block the traffic immediately?
Or some major ISPs seem to have the practice of letting the infected
computers continuing attacking as long as it doesn't hurt their
network.
