ISP's lack of responsibility for DoS attacks, by xplora

[Asmo]

Discuss the article ISP's lack of responsibility for DoS attacks, by xplora here.

[DragonFlu]

First off..nothing but crap...

As an isp owner, I have dropped customers for being targets of REPEATED attacks, which affects ALL our customers...These users go out of their way to keep pissing off the person attacking them, etc, I have seen it many times...so blaming this on the ISP is pure bull..

Said users pays a monthly fee, but then you have 500 users also paying a monthly fee, if you cant provide that service because the one user is getting targeted by ddos attacks all the time, then you fail as an isp in providing the rest of your customers the service they pay for. Lay the blame where it belongs please, the DDOS attacks, etc would not happen if dialup, cable, isps, etc, took more responsibility in making sure their cutomers connections and machines are more secure. It's also the users fault, for clicking on links from people they dunno, etc, which installs backdoors on their machines, not securing their network, etc.

Also most TOS/AUP's for isps usually contain that if you are the cause
of inflicting damage to their machines, network, etc...ie by being the target of ddos attacks all the time then its grouns for account termination.
I think what you need to do is read the TOS/AUP of isps a lot better, since most users NEVER read it.

The Shell/webhosting/Dialup end is not to blame for closing accounts that are subject to ddos attacks all the time, and ill be damned if I would let the stupidity of one user affect the rest of my customers, and anyone else that would allow that is just plain stupid.

I mean I agree the isps need to be held responsible and go after the source of the attacks, etc, however, they cannot leave the customer on their network thats being attacked all the time and taking out the entire service for their other customers... by being responsible, as I said, making sure their customers connections are secure, etc...


So sue away

[Asmo]

Hmm, maybe xplora will jump in here, but he speciafically spoke of DoS attacks, and not DDoS attacks.

I understand DDoS affects other customers too, but DoS not necesarily has to be...

Quite a difference between the two, and your reply seems to hold solely arguments based on a DDoS atatck, and not DoS.
_________________
Asmo

webmaster www.IRC-Junkie.org

[ozzy1958]

Interesting to say users are stupid, based on what, if you know the reason, doesnt that mean you know the solution !!

I guess you never heard of patches huh Dragonflu, or exploits for that matter, lots of users get rooted from the said latter, so if every ISP followed your type of thinking, that they are stupid and deserve to be deleted, doesnt say much about you does it.

Its the responsibility of the ISP to look out for these exploits and block that port, I know some ISP's do this already, do you ?

You seem to think its the users fault, but in fact its the ports that are being scanned and attacked that need to be addressed NOT the user.

[DragonFlu]

Actually, again, its the users fault for NOT securing their machine, and the isps fault for not making sure their users machines ARE secure...


Patches, exploits, etc, wouldnt do anything is peoples machines were secure and they used common sense on the net, I see so many users click on spammed links that are nothing but trojans that infect their machine with an automated client that connects to an irc server and then their machine is used to packet others, etc..

Again...this is the users repsonsibility as much as anyones, they need to learn what not to do..and clicking links and going to strange sites they get from others is just one of the huge mistakes made by users.

And isps would be stupid to not remove a user thats the cause/subject of constant ddos attacks..., blocking ports wont do crap if a network is getting 150 gigabit attack and it takes out their entire pipe., blocking ports wont do crap to stop users from getting their machines infected with trojans/backdoors due to carelessness and clicking on links, etc.

The only thing that will stop it is to inform the users about securing their machines and making sure they are secure...

Oh and you bet your booty I inform my users and explain things to them...a good sysadmin will always do that...

Most attacks now days are from spoofed addresses, go ahead try and track them, go ahead try and stop them when they are hitting every port on your machine, etc..wont happen.

if someone wants you taken down they will do it, and its always with rooted and infected machines caused by the carelessness of people that wont take the time to learn to secure their machines or network.

its a known and well proven fact.

[DragonFlu]

'm not trying to start a fight I'm just stating facts, users need to be better informed, isps need to be responsible for informing their own customers, etc this would prevent a lot of the malicious things that go on, not to mention parents need to take a closer look at what their kids are doing on their computers, I cant count how many times young kids are issuing dos attacks, etc, and their parents have not one clue what their children do on the net.

Just dont be so quick to blame ISPS that they shouldnt terminate accounts that are being attacked, etc, they do this to save their customers and their business.

Also dont lay the blame on isps that they should be blocking ports, etc, that wont help either, only informing their users, etc, about how to secure their connections better, etc will improve the problems seen on irc, etc these days.

Have Fun but be smart, it is the internet afterall

[Asmo]

[PoisonBlood]

[xplora]

Asmo, DoS and DDoS are pretty much the same thing these days.

Let me get one thing straight, I do understand the ISP's position, however even after disconnecting the user, the DDoS attacks wont stop, ISP's are dropping the customer and assuming thats the end of it, no investigation to find the attacker, ISP's are not doing enough about the actual attack.

Heres a question, DragonFlu what would happen to your business if all your customers were targets of (D)DoS attacks, would you drop all your customers? I doubt it, you would more likely go after the attacker, all I am saying, is why not go after the attackers now, before the internet gets that bad.

If ISP's actually went after the attackers, they would show to the world 1, they care about the internet (isn't that why they became an ISP?), and 2, they care about there customers. Isn't that worth keeping the customer base?

If you have a customer that has a hacked/insecure machine, notify the customer, since after all, isn't that also violating your precious "AUP", and on the "AUP" note, being the target of a (D)DoS attack is hardly violating any "AUP", and any ISP that considers being the target a violation there of, must realise that from the moment they sign up any customer is a potential (D)DoS target therefore automatically 1 step away from making a violation that is out of there control.

So my point still stands, dropping the target solves nothing, ISP's have the resources to find the source(s), why not do a better job and get together to deal with the source instead of the target.

[Asmo]

[xplora]

Asmo in both they mean Denial of Service, the extra D in DDoS means Distributed, which is only meant as a reference to the the same form of attack happening from several internet locations instead of just 1.

[Asmo]

Yes that too :p

What I meant to say was that a DDoS always makes use of hundreds, or thousands of bots with the purpose of generating useless data that will saturate the networkconnection of the victim, while DoS could also mean that the attacker is making use of a flaw in hardware or software to deny the victim the service of that. For example let the IRC client crash by making use of a CTCP which will trigger a flaw in the clients design (this happened fairly recently for example).

Naturally, if the atatcker does a DoS froma system with loads of upstream bandwidth he could use that too. Shouldve added that I guess =D
_________________
Asmo

webmaster www.IRC-Junkie.org

[romiir]

1st DragonFlu must work for AOL, or another lame isp lol

2nd ozzy1958 said most of what i would type below this line

3rd I would never get internet from DragonFlu, cause apparently he has no tech knowledge, its not hard to automaticly null route dos attacks, and if you are a isp, your going to put up with dos, thats just a fact...

4th Now about the people talking about blocking ports, i completely dissagree, how would you like it if your isp blocked port 80 for instance? I would just drop my isp lol. A interesting thing tho that i have never seen done would be to have a isp block ports by default to protect you from exploits as a sort of built in firewall but let you go to their site with a cpanel like interface, and be able to turn protections off so you can use your ports.. that would be ok but just blocking ports is wrong, secure your own pc lol

Now as a last cent of my 2 cents: I have been dosed many a times, people expect me to go offline, but i never do, my isp isn't stupid, and simply null routes the packets for me, and I never even feel a single packet usually, if every isp was like mine, the internet wouldn't be a dangerous place, but when people like DragonFlu run them, and either dont know what they are doing, or are just to lazy to fix the problems, well, the internet is just going to suck...

Wise Advise: Pick your ISP and Hosting Providers carefully... Look at every possible option, and READ THE TOS lol. That 5 MB down from your local cable company may look nice, but then later they drop you for running a game server in violation of the TOS, you wont be so happy... Do your homework, and you will probally find the right service for you.

If you do not understand the above, AOL is right for you

[xplora]

In DragonFlu's defense, his ISP is obviously a small one, to which one would think he has good contacts with his uplinks to try to sort out DoS attacks. The article however is targetted at some of the larger ISP's especially those that have hundreds/thousands of customers whose computers have been hacked, or are infected with a virus, and these ISP's do nothing about telling there customers there computer is hacked, even when reported.