Slashdot Mirror


ISPs Victimizing DoS Victims?

A submitter who requested to be nameless sent this issue in for consideration: "I recently heard of a case where an ISP suffered DoS attacks and determined that they were all aimed at knocking one of their users off the net. This user had done nothing against the AUP of the provider but was being targeted simply because of expressing a religious viewpoint on the net that a few script kiddies found objectionable. That isn't what I'm objecting to per se, leaving aside whether or not I agree with the victim's or the attackers' viewpoint. What prompted me to get the opinions of other Slashdotters is the ISP's response. They suspended the target account 'to protect themselves from further attacks.'" Now that's just plain wrong, and extremely dangerous behavior from an ISP, both from the business and censorship point of view. Updated!

"I wonder if they would have thought they could get away with this had it been 'You're black and we don't want the racists to break our windows so we ain't selling you an account.'

Where do they think they get off suspending an account just because it is getting unprovoked attacks? They'd do better getting law enforcement in on the act themselves on civil liberties grounds if nothing else, before somebody else calls them for a civil liberties foul. What do you guys think? Has this kinda thing happened to you? To your friends?"

Can your ISP suspend your account after you've been victimized by an unprovoked DoS attack? You should probably make a polite inquiry to find out, and if so, move to another.

Update: 06/07 12:27 by C : Cris Daniluk passed me the following note on the related issue of colocated boxen: "I just thought I'd send this directly to you instead of the traditional postings because I think it's important enough to warrant attention. In a colocated environment, if your server or server array gets DoS'd, 95% of the colocation providers will can you the same way this poor guy got canned. The difference is that if your colocated server gets canned it's not as simple as calling the next $19.95/month guy down the street and being online the next day. Food for thought... " Indeed.

346 comments

  1. Not Illegal, nor really a censorship issue by Anonymous Coward · · Score: 1
    I work for an ISP, and I can tell you that almost every ISP's Terms of Service will include a phrase somewhere that says they can disconnect/terminate/remove any account for any reason. The ISP does not kill the account for censorship, but rather to protect themselves against the attacks. I think an ISP has an obligation to the rest of its customers. An ISP is not a public service, and is not bound by the same rules as public transportation. They can allow or deny service to anyone for any reason. (This is speaking for the United States, btw). Basically though, I doubt many Service Agreements say "we can't cut off your account for reasons other than this and this", etc.

    Posted Anonymously to protect myself and employer, so respect the comment.

    1. Re:Not Illegal, nor really a censorship issue by Golias · · Score: 2
      You are absolutely correct that it is not illegal for you, or any other ISP to behave this way.

      It is also not illegal for consumers to blacklist, flame, and boycott any company that treats its customers so poorly. If you were my ISP, and I heard about you doing something like this, you would lose my business, and I would persuade others to avoid you.

      The Wrath of Geeks was not quite enough to shut down AOL back in their days of shady billing practices, but it came close for a while there. I also know of a few mom-n-pop ISP's that were once popular geek havens, but went belly-up specifically because they angered the geek set with the way they did business.

      Even if you are one of the bigger local players, the margins are small enough that you really can't afford to chase customers away... especially the tech-heads who advise all their friends and family on which ISP to subscribe to.

      --

      Information wants to be anthropomorphized.

  2. AUP is not a Service agreement. by Anonymous Coward · · Score: 1
    You'll find that most ISPs reserve the right within the service agreement or AUP, to suspend or revoke a user's service at any time without notice.

    Example from a well known local ISP:
    5. At our discretion, -XXX- may revoke your account at any time. Unused
    credit or payments will be refunded on a pro-rated basis. If it is
    determined that you are participating in illegal activity, -XXX- may
    notify the proper law-enforcement authorities.

  3. /. = ZDNet? by Anonymous Coward · · Score: 2
    WTF?

    A submitter who requested to be nameless sent this issue in for consideration: "I recently heard of a case where an ISP suffered DoS attacks and determined that they were all aimed at knocking one of their users off the net.

    So, a nameless individual submitted a story he heard about somewhere, and of course /. posts it because it's guaranteed to boost viewership and therefore ad revenue.

    At least when emmett posted the thing about LinuxCare layoffs he had the decency to make some kind of effort to verify the story. Shouldn't every /. editor at least try and do the same? (And please, don't tell me they're too busy; if they're too busy to verify sources then I demand the word "news" be removed from their tagline.)

    1. Re:/. = ZDNet? by Golias · · Score: 2
      So, a nameless individual submitted a story he heard about somewhere, and of course /. posts it because it's guaranteed to boost viewership and therefore ad revenue.

      At least when emmett posted the thing about LinuxCare layoffs he had the decency to make some kind of effort to verify the story. Shouldn't every /. editor at least try and do the same? (And please, don't tell me they're too busy; if they're too busy to verify sources then I demand the word "news" be removed from their tagline.)

      I think the AC is right... so much so, that I don't mind burning a little karma to let his post be seen with my +1 bonus attached to it (until I'm modded down), so there it is, in its entirety once again.

      The editors at /. actually get paid. Not Kevin Garnet money, or even Craig Kilborn money, but they get a salary to sift through e-mail and post the interesting stuff as news, which is not a bad gig if you ask me. Come on, /., you can do better than this for what you are making. I've seen you do better. Shape up, eh?

      --

      Information wants to be anthropomorphized.

    2. Re:/. = ZDNet? by Golias · · Score: 2
      Yes, Slashdot is losing its edge and readers. We are only reading to document the downfall of a former news heavyweight.

      Well, no. They are not "losing readers" - If anything they are becoming more popular. I read it because it's still a pretty darn good discussion forum most of the time, sticks to topics that geeks are interested in, and highlights a lot of interesting stories out on the web that I might not have seen otherwise.

      They are not in a "downfall", but these momentary lapses of quality control do not reflect well on them.

      They are not a "former news heavyweight", because they never were a news heavyweight.

      --

      Information wants to be anthropomorphized.

  4. You don't know the half of it by Anonymous Coward · · Score: 2

    Last year, I worked for a small ISP as system administrator. This isn't the first ISP I have worked for that has a policy like this either. The owner's policy on DoS attacks was this: If it happens once, kick user offline and ignore it. If it happens more than once, read user's mail, sniff user's traffic, report all the user's information and logs of their activities to the local FBI morons (without their consent or knowledge). There was no mention of them doing this anywhere in the terms of service agreement.

  5. Re:It is not anything like... by Anonymous Coward · · Score: 2

    The essence of discrimination is not in the judgement of a SOCIAL group...but the pre-judgement of a biological group.

    Well...it's not the judgement of a social group that is the problem....it's the prejudgement of a social group that you seem to be giving the ok to. (To me that doesn't sound a whole lot better than any other kind of discrimination.) Because a person is of some faith or belief doesn't mean they should be branded. They are still an individual within that organization. Not all religious people are out to crusade the world over, basically. The ones who are, however, probably should be subject to some judgement...especially depending on their methods. There are plenty of nuts out there...I wouldn't even try to argue otherwise.

    Beyond that...some lines would need to be drawn to be even realistic. Would you prevent a member of a social affiliation from putting his resume online for a line of work that has nothing to do with his faith? (especially if he is *gasp*, good at it?) Because you don't agree with some social affiliation he has? I am not going to delve into that issue at the moment, but that sounds a little Nazi-ish in and of itself.

  6. Except.. by drwiii · · Score: 1
    Cliff, what you fail to notice is that the ISP is the real DoS victim. The bottom line is that denials of service cost ISPs money, in both financial resources (bandwidth) and manpower (support).

    It's not fair to a customer that's a victim for an ISP to have to deny them service, but it's also not fair to the hundreds or thousands of other customers on that ISP's network that aren't victims to have to be denied service because of one person.

  7. Re:How about legitimate traffic? by drwiii · · Score: 1

    When you have to pay a $2500+ per month in bandwidth charges for traffic to a $50 per month customer, the numbers pretty much speak for themselves.

  8. Re:Preventing Smurf and Similar attacks by DunbarTheInept · · Score: 1
    If you are checking to see if your web server is running, just do:
    telnet [server] 80

    Sure, that can tell you if your web server is up, but if it is down, it can't tell you much about why. Ping is handy because it is so dead-simple that it removes most issues of program error and application error and lets you test the network connection at a fairly low level. If port 80 is not responding, but Ping is, then you know not to waste your time looking at the network itself (except maybe the firewall). You know it's the web server software that isn't working.

    --

    Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.

  9. Technicalities... by Phaid · · Score: 3

    As to the question of "can they...", that likely depends on your Terms Of Service agreement. A lot of these things are seriously restrictive, and they almost always place the burden on you the consumer. For all we know, if you get DOSd they can accuse you of "running a server" and knock out your account for that reason. The "acceptable use" policies are usually drawn in very broad language and they can cancel your account for just about anything they don't like that gets their attention. This is yet another reason to make sure and read the fine print before you start handing out that shiny new email address...

    1. Re:Technicalities... by sqlrob · · Score: 1

      The TOS's may be restrictive, but that doesn't necessarily mean they are legal. It may just be boilerplate to prevent someone from raising a stink because they thought they couldn't

  10. How do WE know? by Timmy · · Score: 1

    There was no URL to a news source in this story - just a "I heard this story". How do we know this even happened? Does anyone have more direct info on the case?

    offtopic - I must be blind, but I couldn't find a way to post at the top level of the thread....

  11. duh... by Timmy · · Score: 1

    Duh...
    Guaranteed way to spot what you're looking for - ask where it is. I found it.

  12. Re:Could someone inform me of what a smurf attack by sjames · · Score: 3

    A smurf attack is a spoofed ping to a broadcast address. Suppose I want to attack example.com at address 10.0.0.1. I would find a poorly configured network somewhere that will actually respond to a ping to the broadcast address from the outside world (say 10.12.0.0). I send out pings claiming to be from 10.0.0.1 to 10.12.255.255. Now, every machine on the 10.12 net (the smurf amplifier) will send ping replies to your machine and flood it.

    If all routers were properly configured to reject outgoing spoofed packets and to reject incoming broadcast pings, the smurf attack wouldn't work.
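The two router checks described in the comment above, as an added example that is not part of the original comment. It reuses the comment's addresses (10.0.0.1 as the claimed source, 10.12.0.0/16 as the amplifier network); the sender's own network 192.0.2.0/24, the host count and all function names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Sequence


@dataclass(frozen=True)
class Packet:
    src: str  # source address claimed in the IP header
    dst: str  # destination address


def egress_allows(pkt: Packet, own_prefixes: Sequence[str]) -> bool:
    """Outbound check at the sender's router: forward a packet only if its
    source address belongs to one of the networks behind this router."""
    src = ipaddress.ip_address(pkt.src)
    return any(src in ipaddress.ip_network(p) for p in own_prefixes)


def ingress_allows(pkt: Packet, own_subnets: Sequence[str]) -> bool:
    """Inbound check at the border of a would-be amplifier network: drop
    directed broadcasts and outside packets claiming an inside source."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for net in map(ipaddress.ip_network, own_subnets):
        if src in net:
            return False  # our own address cannot arrive from outside
        if dst in (net.network_address, net.broadcast_address):
            return False  # all-ones or old-style all-zeros broadcast
    return True


def replies_to_claimed_source(pkt: Packet, sender_prefixes: Sequence[str],
                              amp_subnets: Sequence[str], live_hosts: int,
                              egress_filter: bool, ingress_filter: bool) -> int:
    """Count the echo replies that one echo request would send towards the
    address in pkt.src, given which of the two filters are switched on."""
    if egress_filter and not egress_allows(pkt, sender_prefixes):
        return 0  # dropped before it leaves the sender's network
    if ingress_filter and not ingress_allows(pkt, amp_subnets):
        return 0  # dropped at the amplifier network's border
    dst = ipaddress.ip_address(pkt.dst)
    for net in map(ipaddress.ip_network, amp_subnets):
        if dst == net.broadcast_address:
            return live_hosts  # every live host answers the claimed source
        if dst in net:
            return 1  # ordinary unicast ping: one reply
    return 0


# Constructed sample values.
SENDER_NET = ["192.0.2.0/24"]      # assumed network the packet really comes from
AMPLIFIER_NET = ["10.12.0.0/16"]   # the "10.12 net" from the comment
SPOOFED = Packet(src="10.0.0.1", dst="10.12.255.255")
HONEST = Packet(src="192.0.2.7", dst="10.12.0.5")

if __name__ == "__main__":
    for egress, ingress in [(False, False), (True, False), (False, True)]:
        n = replies_to_claimed_source(SPOOFED, SENDER_NET, AMPLIFIER_NET,
                                      200, egress, ingress)
        print(f"egress filter={egress} ingress filter={ingress}: {n} replies")
    print("honest ping still passes:",
          egress_allows(HONEST, SENDER_NET) and ingress_allows(HONEST, AMPLIFIER_NET))
```

Either filter alone brings the reply count to zero, and neither one has to be deployed on the flooded network itself.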

  13. I made the same decision in the same situation by soren.harward · · Score: 2

    I was head sysadmin for an ISP for about 2 years. During that time, we had a handful of DoS's. One was against a co-loc. Two were against our shell boxes. One was against a user's dialup. In the latter 3 cases, I did drop the accounts. I did so not out of censorship or whatever else you want to say against this ISP. I did it because this person had brought about an attack that totally prevented us from carrying out our business. These DoS's annihilated both our T1's, and even made a dent in the multiple-T3 bandwidth of our upstream provider, for several hours during peak times. That's several hours of a few hundred people not being able to use the Internet connections they are paying for. DoS's are not unprovoked; they are partially the victim's fault (at least I have yet to find an instance where it isn't).

    If a user is somehow adversely affecting the way the network runs, especially if it's interfering with other customers' use of the network, then the admin has the right to pull the plug on the user. It's no different than setting quotas on disk use so people can't fill up an entire hard drive, disabling a slashdotted site that is dragging a webserver to its knees, cutting off the shell account of a user who won't quit screwing up the shell server, or k-lining someone's IP address. When you have a few hundred people under your administrative responsibility, the good of the many outweighs the good of the few.

  14. More details are probably needed by Masem · · Score: 3
    First, always check whatever paperwork that you signed with the ISP to see if they are in their right to do this; if so, you may want to find a new ISP, as this is rather draconian in approach.

    Secondly, the solution that the ISP took is not fully spelled out; I can understand for a short time removing access to the victim's site to get the DOS attacks to die down and free up congestion on their network. But they should reinstate the person's access after they have been able to locate the IPs used to DOS the victim and block them before entering the ISP's pipe. Sure, it might take some work, but if a script kiddie goes after one user's site, what's there to stop them from going after another site under that ISP? A malevolent script kiddie could theoretically close off all user accounts at this ISP with only a small amount of work. ISPs that aren't prepared to deal with such should not be in business and customers should know this.

    --
    "Pinky, you've left the lens cap of your mind on again." - P&TB
    "I can see my house from here!" - ST:
    1. Re:More details are probably needed by Fishstick · · Score: 1

      >for a short time removing access to the victim's site to get the DOS attacks to die

      Not sure that hosted web was the target, the information is incomplete, although it does say:

      they [attacks] were all aimed at knocking one of their users off the net.

      which doesn't sound like a DoS attack against a user's site, more like a general attack on the network to block the user from either IRC or Usenet. I don't know much about this side of it. Assuming you wanted to just keep a single user unable to access the net, aren't there attacks that would leave the ISP mostly undisturbed while making life miserable for the guy you are after?

      --

      There is much cruelty in the universe, John.
      Yeah, we seem to have the tour map.

  15. No link? by Derek · · Score: 1

    Could someone please post where I can find out more details about this story? (This sounds a lot like an urban legend.) Before I spout off my opinions, I'd like to be a little better informed on the details. Thanks.

    -Derek

  16. Re:Think of this from the ISPs point of view by tzanger · · Score: 1

    As for getting the police involved, well, a smurf is virtually untraceable, the source addresses point back to the (misconfigured) amplifier network, which is totally innocent, and the packets they receive are forged to come from the victim's computer.

    I don't agree.

    The "innocent" amplifier network needs to be configured correctly; you said it yourself when you said it was misconfigured.

    I'm the technical admin for a smallish (600-user) ISP and while I've never had to deal with this particular problem, I don't think I'd block the user. I'd probably find out what it was they were doing that was so terribly offensive and maybe ask them to stop, but beyond that I have to quote Sig11: "I don't have a solution, but I admire the problem."

  17. Re:Response Uh huh... by tzanger · · Score: 1

    I wasn't the first one to throw up the attitude. If you'd care to have read his comment, he was the one who suggested that only the "better" ISPs have either the bandwidth available to handle a flood or the ballsy routers capable of blocking it. I merely responded to his tone.

    No, two wrongs don't make a right. But three lefts do and sometimes I don't feel like being the patron saint of patience and grace. I'm not always an asshole, but that doesn't mean I can't be one on occasion.

  18. Re:Think of this from the ISPs point of view by tzanger · · Score: 1

    Dealing with Dumb ISP Admins is a losing battle from the beginning. I work at a company that provides Email and domain hosting, and we deal with ISP's that relay spam, flood our DNS and generally are misconfigured. When you contact about half of them, they don't care.

    I know it won't help with flooding, but why not disable all access to your network from theirs if "talks break down"? It's not a perfect solution (the perfect solution would be to somehow convince their upline to shut their pipe off until they fix the problems) but it would prevent them from spamming and abusing your services.

  19. Re:Response by tzanger · · Score: 3

    Additionally, the ISP should either have the bandwidth to handle a DOS attack like that, or the facilities on their router to block it out. If not, you should definitely consider a better isp.

    Obviously you don't know a whole lot about this.

    You can't block smurf attacks at your router. Once the shitstorm hits the pipe it's yours to deal with. If you don't have the bandwidth to handle the smurf traffic, your normal traffic will get bumped in the fray.

    Secondly bandwidth is expensive. One of our POPs has a 10mbit link in place to handle 96 dialup customers. Lessee here, 10486kb/s divided into 96*56kbps, or almost 2x the bandwidth we would theoretically require to serve every user if they achieved a true 56000bps connection.

    Now along comes Joe Skript Kiddie and his smurf amplification network. Collectively they strike, delivering... oh let's say four good-sized T3 networks' worth of bandwidth to the far end of my 10mbit pipe. There isn't a hope in hell that I'd survive that, even at a 1:2 overcommit (really a 2:1 UNDERcommit). And my bandwidth ratios are pretty decent. Most high speed networks run at a 50:1 or even 100:1 overcommits because bandwidth costs so much.

    The solution is to have the smurf traffic blocked BEFORE it hits your upstream pipe, since that way it never gets to clog the connection. Good luck getting your upstream to do that, since it is quite computationally intensive to analyze every packet in the core networks and make intelligent routing decisions. So typically it isn't done.

    So much for your fairy-tale concept of how networking works. Perhaps you better go find yourself an ISP with a good VC backing and a 1:1000 overcommit. At least when you don't have to worry about making money you can lose money on every user, along the lines of what amazon.com does.

  20. This is news? by myo · · Score: 1

    I've heard of ISPs doing this for years. When i worked for one, i heard of people yelling at users for being victims of DoS attacks all the time. Something to do with "if you didn't provoke them, this wouldn't happen." I don't remember any specific cases of accounts getting suspended in my particular company, but i always assumed it wasn't far off. I remember a few cases of this sort of thing from aol, and a couple from various ISPs around the US.

    If this is what i've heard directly from victims, i'm sure this ordeal has been fairly widespread.

  21. Nothing new by Hollis · · Score: 1

    I remember reading this a while back but I didn't think it was that long ago...

    News.com: Basque site shut down

    The date? July 18, 1997

    Doing a search for "basque" on news.com turns up a bunch of related stories (if you want the backstory).

  22. Re:Sorry, but the ISP has every right to do this by zaphod · · Score: 1

    No, we have laws that limit our freedoms. In the U.S. we have a freedom of speech. The government cannot restrict a person's right to speech (not including yelling "Fire!" in a crowded movie theater). But a private company should have the right to discriminate. As bad as that sounds, they should have that right. I'll repeat what I said earlier, U.S. citizens have the right to be stupid.

    BTW: Freedom of speech does not mean we should force anyone to listen.

    --
    Just because you're paranoid, doesn't mean they're not after you!
  23. Sorry, but the ISP has every right to do this by zaphod · · Score: 2

    Look, censorship is only something the government can be accused of. Private companies are free to censor whomever they want to. If you don't like it, go use a different ISP. That's the basis of free market.

    The reason the government can't censor people is that we can't just "go to a different government" if we are unhappy with its service.

    I don't like the ISP's reaction at all. But it is their right to do it. In the U.S., we have the right to be stupid.

    --
    Just because you're paranoid, doesn't mean they're not after you!
    1. Re:Sorry, but the ISP has every right to do this by goaliemn · · Score: 1

      Thank you! I was about to post something about this. A private company has the right to censor. If a company censors a point of view you don't like, you go to another company. If the government censors you, it's much harder to move to a new government, which is why they can't.

    2. Re:Sorry, but the ISP has every right to do this by Borealis · · Score: 1

      To some extent. Depending on the terms of service there is the possibility that the user could sue for breach of contract if the ISP is not permitted to terminate them for that particular case (and a blanket "we reserve the right to terminate without warning" probably wouldn't cover their asses). The problem with that is that of course the damages would be negligible unless we're talking about this guy/gal running a major site with advertising revenue.

      The user's best bet is to take them to small claims court and try to get them to refund him the last two pay periods (one because it was terminated, the second to cover the user's costs to move all his content to another ISP).

      --
      Unbreakable toys can be used to break other toys.
    3. Re:Sorry, but the ISP has every right to do this by m.o · · Score: 1

      The reason the government can't censor people is that we can't just "go to a different government" if we are unhappy with its service.

      Yes, we can (I did). Unfortunately, the cost and pains of "going to a different government" are extremely high, and so people rarely consider it, but hopefully it will become much easier in a reasonable future and governments will begin to compete with each other for people... That would be so amazing!!!!

    4. Re:Sorry, but the ISP has every right to do this by hypergeek · · Score: 2
      /. even lets you censor out Jon Katz articles, if you want to.

      No, it merely allows you to automagically "avert your eyes" if you so choose.

      The articles are still there for everyone else to see, which is why it is not censorship, in any sense of the word.

      Unless, of course, you're the Bugblatter Beast of Traal, in which case maybe it really isn't there if you can't see it...

      --
      Stay up hacking each weekend. Sleep is for the week.
    5. Re:Sorry, but the ISP has every right to do this by Golias · · Score: 2
      It's called the right to freely associate, and it's the same right that allows an all-women college to keep me out because I'm a guy, or for the NAACP to not allow me on their board of directors, because I am not the right "race".

      The idea is that you can deal with whoever you want, and choose not to deal with whoever you want.

      People like to cite the "whites only" businesses in the south back in the 60's as an example of why free association is a bad idea... except many of those restaurant owners would have loved to have served black customers and collect their money... but they were not allowed to because of government restrictions on who they could serve. If we had simply lifted the restrictions and let the market decide, the businesses who chose not to serve certain people would simply find that they could not compete with those who did.

      Imagine if such a restriction was legal today. Would anybody dare try to run a "whites only" restaurant in Atlanta? Not only would you miss out on all the black customers who would eat at the restaurant across the street, but most whites would refuse to ever set foot in there as well. Kind of tough to run a business when red-neck bigots (a tiny minority of the Atlanta population) are your only clients.

      (By the way, newspapers refuse to run ads all the time. The Saint Paul Pioneer Press was recently criticized for accepting ads from strip clubs, and so they changed their policy to not accept them. Censorship is commonplace. /. even lets you censor out Jon Katz articles, if you want to. The First Amendment is only meant to protect us from government censorship. That's why it says "Congress shall make no law..." instead of "businesses shall set no policy...")

      --

      Information wants to be anthropomorphized.

    6. Re:Sorry, but the ISP has every right to do this by theNAM666 · · Score: 1

      >Private companies are free to censor whomever
      >they want to. If you don't like it, go use a
      >different ISP. That's the basis of free market.

      I won't run your ad, because you're a Jew.
      I won't print your newspaper, because you're black.
      We won't distribute your flyers, because you're evangelical Christians.

      If we did, people might give us a hard time, jam our phone lines, bomb our offices, etc. People don't like Jews, blacks, and evangelical Christians, after all. We don't personally have anything against them, of course, but we have to protect our business.

      A free market has to be free to the open exchange of all ideas based on their value. Any censorship is directly opposed to this.

      We have laws about public accommodation which ensure this. ISPs provide public accommodation. When "private companies" make decisions based on reinforcing prejudice more than on sound business, they're violating the law.

    7. Re:Sorry, but the ISP has every right to do this by theNAM666 · · Score: 1

      >called the right to freely associate, and it's the same right that allows an all-women college
      >to keep me out because I'm a guy, or for the NAACP to not allow me on their board of
      >directors, because I am not the right "race".

      Both those are private associations which can reasonably claim that the exclusion is part of their group identity. A public business cannot, generally, claim the right to free association. It operates for the public, in the public realm, and must be open to the public. (I'll pass over your Atlanta argument, except note that it took gov't regulation to open the bloody schools).

      The bounds of free association are not infinite. The NAACP has white board members, and I doubt they could create an explicit exclusion. The Supreme Court will soon decide on whether the Boy Scouts can exclude gays.

      >The Saint Paul Pioneer Press was recently criticized for accepting ads from strip clubs,
      >and so they changed their policy to not accept them

      This seems like a reasonable content-based exclusion; our business is running X,Y, and Z ads, not strip club ads. Strip clubs are recognized as blights on the community, etc., so there's a legitimate interest in not running ads for them. And the which happen within them are not wholesome, so we don't support them.
      I don't see an issue of irrational prejudice here, though others might, and you might argue it. The point is that there has to be a 'rational purpose' to the exclusion, and most courts see the exclusion of strip clubs as having rational purpose. Jews, blacks, other religions, maybe gays, no.

      So, if they were to try excluding Church ads, that would be a different story. Not a court in the nation is going to say there's a rational purpose to it, and they're going to rule against it.

      And the bottom line: no, you don't get to deal with only who you want, if you're offering public accommodation. You can't "reserve the right to refuse service to anyone." The law doesn't work that way.

      Evidently you'd like it to, but don't confuse what you'd like with reality.

  24. Re:A disturbing situation indeed... by Millennium · · Score: 1

    You're saying as an ISP, if you're getting an attack...I should have no right to choose that you are bad for my business or have the right to remove you from the systems that other clients you are damaging. That is absurd...

    No, that is not what I am saying. What I am saying is that you have no right to blame a DoS target for damage to your business when clearly it is the ones performing the DoS who are doing all of the damage.

    close to saying that you're going to come into my house and live...pay me FAR little money than it's worth...eat my food and throw a party that gets the cops called on me...then saying "you cannot kick me out" does that make ANY sense??

    Not in the least. But again, I'm not saying that. Let's modify your scenario a bit. Let's say you take in a paying guest. Furthermore, let's say this guest is black (for reasons which will shortly become apparent). Said guest pays reasonable rates, is pleasant to be around, and doesn't do anything to bother anyone.

    Now, let's say the Ku Klux Klan catches wind that you have this guest, and starts burning crosses on your lawn and harassing you for taking in a black boarder. Is that the fault of your guest? Of course not. It's the fault of the KKK. Should you kick the guest out? Nope; in addition to not being fair, it's also probably what the KKK wants you to do, so you'd just be accomplishing the goals of a group of scumbags for them. What should you do instead? Go after the KKK, who are really at fault. Call in the police on harassment charges (or worse, if they get worse than that). It's the only fair way to fix the problem. Sure, it's not as easy or expensive, but quick-fixes like kicking out the guest never work out in the end (what happens when your next guest runs afoul of a similar group of assholes through no fault of their own?)

    And if you were an administrator, you would know how easy it is to find out who is getting attacked. As to how do you know if you're getting attacked...I have the systems set up to page me on attack....

    Ah, but that's not what I asked. You're tracing an attack to your network; that part is easy. But now, try figuring out who is actually being attacked. This is much harder, particularly when most of your customers are dialups and almost all have dynamic IP's.

    How else would I know? Ohhhh...the fact that my whole network is down because a dialup ran off at the mouth. I'm sorry to see that your comments are so short sighted.

    Hold on here. You presume too much. How do you know that a dialup is being attacked? Remember, it's nearly impossible to reliably track a dialup user across connections unless you have a copy of the logs and account information used to log in (and if someone outside the ISP has a copy of those, then DoS attacks should be the least of your worries).

    Furthermore, a DoS attack is nothing more than pings or SYN packets. Therefore you have no way of knowing why you are being attacked on that basis alone. You have no way of knowing that "a dialup ran off at the mouth"; to presume this is rather against the very ideals on which this country was formed.

    meep meep

    Is this some pathetic attempt to imitate MEEPT!!? If so, your technique needs a LOT of work.

  25. Re:A disturbing situation indeed... by Millennium · · Score: 1

    You appear to be one of the people in the world that has 1001 ideas HOW to make it a better place, yet you never seem to do anything about it.

    And what, exactly, would you suggest I do about this case? I don't even know where this is, for crying out loud, thanks to a woefully underinformative original post.

    I'm sorry, but it is QUITE easy to track a user that is being attacked on my network. I have many tools that will tell me the incoming traffic and where it is directed. After I know what IP, I simply check to see what user is currently using that IP. Then I have plenty of options.

    That's just it. You can do that. An attacker cannot, unless you have problems that are a lot worse than any DoS could ever be. If your dialup was shooting off at the mouth, then an attacker would have no way of getting his IP address reliably. Sure, he might snatch an IP on Monday, but how would he get that same person's IP on Tuesday? The problem isn't yours, it's the attacker's, and it makes trying to attack a dialup impractical to say the absolute least.

    Incidentally, because of this you cannot assume that the person to whom all the traffic is going is actually the intended target. Not off of a single DoS anyway. If the same person kept getting DoS'd, then you might have something to worry about (but if these people can keep finding this person's IP and aren't themselves part of your ISP, you have a lot more to worry about).

    DoS attacks are NOT that easy to deal with and it is not simply a matter of calling the cops to get the person picked up. It is FAR easier for me to simply kick off the user that is getting attacked...

    Easier, yes. But is it ethical? Not by a long shot.

    ...that, and it will end the attack.

    Hell, you can't even be sure of that. Let's take one of my previous examples, where you kick off the dialup, but the attackers were pinging the wrong address. When they learn of their little blunder, what will they do? Quite simple; they'll attack again. So you've kicked off a completely innocent person and you haven't solved your problem at all.

    in my eyes...ending the attack is all that matters...

    Quite a Machiavellian viewpoint. With an attitude for that you should work for MSN. Or maybe AOL.

    And only selfish people that have little to no exp. in business affairs would be dumb enough to let the business go under to save a little dialup, a dialup that makes very little for the company in the first place.

    Is a DoS going to make an ISP go under? Hardly. As I said, this is where you bring in the authorities. No, it's not easy to find the attacker. It does take time. But that's the key. The longer a DoS attack goes on, the greater the chances of the attacker being caught. Furthermore, attackers know this. The attack will end once you bring people in, one way or another. Either the attacker will chicken out and run, or the authorities will nail him and at least make him stop attacking you.

    And meep meep to you too.

  26. A disturbing situation indeed... by Millennium · · Score: 2

    The ISP shouldn't have any right to do this. I know all too well what this guy is going through. It's the classic example of the nerd who gets beaten up by a gang of bullies at school, but the school only suspends the nerd.

    But there are a few things about this case that I don't understand. First, how did the ISP know to whom these attacks were targeted? Second, how did they ascertain why the attacks were taking place, and how did they figure this out (particularly after knowing who the target was) without also getting at least some idea of who was carrying out the attack?

    I don't know. Something sounds fishy about this. Don't get me wrong; the ISP was wrong to suspend the account and the people who carried out the DoS should go to jail, but I think there's more to this than we know here (a link would have been quite helpful).

    Think about it. Sane people don't tend to attack others for no reason at all. Sometimes, such as with racists (if they could be called "sane," that is), the reason is imagined rather than real, and it's a damn poor excuse for a reason, but it's a reason nonetheless. If these DoS'ers were simply attacking this guy for a religious site, I'd imagine we'd see a rash of DoS attacks on sites of that religion (again, information as to the religion in question would have been really helpful here). That doesn't seem to have been occurring. Something must have passed between the target and the attackers beforehand. Whether or not the target deliberately provoked the attackers I don't know. But something had to have happened over the course of this dialogue that made the attackers decide to carry out a DoS. Is that the target's fault? Perhaps, but it's not likely. All of this would have been so much easier if the original poster had provided more information, or any kind of link to more info on the case.

    1. Re:A disturbing situation indeed... by nitedog · · Score: 1

      This has to be the most shortsighted comment I have seen yet.

      You're saying as an ISP, if you're getting an attack...I should have no right to choose that you are bad for my business or have the right to remove you from the systems that other clients you are damaging. That is absurd...

      Close to saying that you're going to come into my house and live...pay me FAR little money than it's worth...eat my food and throw a party that gets the cops called on me...then saying "you cannot kick me out" does that make ANY sense??

      And if you were an administrator, you would know how easy it is to find out who is getting attacked. As to how do you know if you're getting attacked...I have the systems set up to page me on attack....how else would I know? Ohhhh...the fact that my whole network is down because a dialup ran off at the mouth. I'm sorry to see that your comments are so short sighted.

      meep meep

    2. Re:A disturbing situation indeed... by nitedog · · Score: 1

      After reading all that you had to say about the topic...I am more than happy to give a response. You appear to be one of the people in the world that has 1001 ideas HOW to make it a better place, yet you never seem to do anything about it. Instead of criticizing people for looking out for themselves first, you tell them they are bad for it. That is simply a load of crap. I would recommend that you get a job as an admin for an ISP...and deal with attacks on a daily basis, then try and speak on the subject.

      And about your reference to the "black person living in my house". If I allow a person to come into my house...ANY person, and they have ANY sort of problem, yes I would blame the attackers. But since I'm not going to rush out and shoot the 50 people wanting to lynch that person...I will give them the person. I, nor any of my houseguests, are going to suffer because of one person. No matter the cause. And please....0.00001% of attacks are random...95% are people shooting their mouths off to people when they should not be doing so.

      Then you said: Hold on here. You presume too much. How do you know that a dialup is being attacked? Remember, it's nearly impossible to reliably track a dialup user across connections unless you have a copy of the logs and account information used to log in (and if someone outside the ISP has a copy of those, then DoS attacks should be the least of your worries).

      I'm sorry, but it is QUITE easy to track a user that is being attacked on my network. I have many tools that will tell me the incoming traffic and where it is directed. After I know what IP, I simply check to see what user is currently using that IP. Then I have plenty of options. But I think you know what I am gonna do at that point. There is little that I can do about the people that are attacking the client.

      DoS attacks are NOT that easy to deal with and it is not simply a matter of calling the cops to get the person picked up. It is FAR easier for me to simply kick off the user that is getting attacked....that, and it will end the attack. In my eyes...ending the attack is all that matters, and only selfish people that have little to no exp. in business affairs would be dumb enough to let the business go under to save a little dialup, a dialup that makes very little for the company in the first place.

      And it's "meep meep" :P

    3. Re:A disturbing situation indeed... by nitedog · · Score: 1

      Again....a response with ideals that are just not realistic. I would really like you to work as the senior admin at a small ISP...deal with attacks every other day....then tell me your fantasy dream where police actually do something about attacks. Until then...please do not input information on a topic you really have absolutely no experience on...it detracts from people that know how it works. meep meep

  27. Re:Get a grip people!! by talks_to_birds · · Score: 1
    The main problem with your attitude is that it perpetuates the slow grinding descent of society into a bland, homogenized pool where everyone is exactly the same and everybody thinks exactly the same thoughts.

    "Goddam: the guy's causing me problems because some idiot doesn't like what he says. Fuck 'em: he's outta here..." and you vaporize his account.

    So you aid and abet some fucking bigot.

    I hope you and your family sleep better at night for knowing that you own a business that feeds you and keeps a roof over your head.

    And I hope anyone with a conscience gets as far away from you as they can, as fast as possible.

    t_t_b
    --

    --
    I'm on PJ's "enemies" list! Are you?
  28. Mr. Rushdie feels your pain by Mondragon · · Score: 1

    This is, of course, not unlike British Airways banning Salman Rushdie from flying on their aircraft for fear of an attack on the plane.

    Do I think that it's right, in a civil liberties kind of way? I'm not sure. Obviously, it sucks for Mr. Rushdie, and it's not too pleasing for the user who got removed from their ISP, but on the other hand, we have a greater good to consider. (And don't go ranting about me spewing any kind of 'greater good' crap...it's not quite like that).

    Realistically, if the ISP is targeted because of the content brought forth by one user (not in violation of any AUP), and, as such, the ISP loses its connection to the net, or is very congested at the least, the ISP isn't doing anybody any favors by keeping that user. Other users would probably prefer surfing over the possibility of their ISP taking some ideological stand, and the user in question isn't going to be getting their message out anyhow, given that no one can reach the ISP.

    However, we're going to have to draw the line in the sand somewhere. If script kiddies can get opposing or controversial views from being disseminated by denying service to a greater mass of users, that doesn't set a good precedent. It's kind of like the internet equivalent of an economic embargo. We don't like what you stand for, so you're not going to get any packets. Besides, if script kiddies can do it, what's going to stop operatives from world governments doing the same?

    Obviously, the real solution here is better cooperation among ISPs so that DoS attacks can be tracked down in a timely manner, and the perpetrators can be dealt with. And now we're back to what seems to be a common issue these days. A great deal of the Evils(tm) of the Internet today could be resolved if service providers would treat each other as equals, as they once did in the NSFNet days (and even in several years after). Granted, they are competitors, and not all ISPs are created equal, but this network doesn't work without cooperation. If we didn't have cooperation, we'd just have a bunch of big WANs that weren't attached to each other.

    Let the marketing and sales guys go at each others' throats, but let the tech guys have each others' phone numbers.

    1. Re:Mr. Rushdie feels your pain by TheCarp · · Score: 3

      > Obviously, it sucks for Mr. Rushdie

      Well at first I thought you said American Airlines...and remembering my experience with them, was thinking that he should thank them...that is, however, beside the point :)

      > Realistically, if the ISP is targeted because of
      > the content brought forth by one user (not in
      > violation of any AUP),

      No, the ISP is targeted because some OTHER ISPs users are juvenile and feel that it is just fine and dandy for them to go around and deny other people internet service because they disagree with what that person has to say.

      This is NOT the fault of the ISPs user. To blame it on him is just plain wrong. They did not get attacked because "He said something controversial" they got attacked because some people feel they have the right to attack others when they are insulted or because they dislike someone.

      As you said, he did not violate the AUP. What this effectively means is that the REAL AUP is not what is written on their web page, but includes an unwritten clause saying "It is not acceptable to express viewpoints which cause other people to attack you".

      I don't know what you think, but that's fairly broad. That means if I see someone posting on usenet from that ISP talking about how much they love god, and that offends me, all I need to do is DoS them and that ISP will pull them.

      I don't care if they are a private company or what. Their action of pulling this account is, in my eyes, immoral. I think all of their customers should be advised that this is their policy, written or not, so they will know exactly what type of people they are doing business with.

      In fact, I would go farther and say that it is their right as consumers to know about this, and their duty as moral human beings to discontinue patronizing the services of this company. (Of course, if they chose not to fulfill that duty, that is up to them and their own conscience.)

      > Obviously, the real solution here is better
      > cooperation among ISPs so that DoS attacks can
      > be tracked

      Here I wholeheartedly agree. People who would strike out violently (in this case not physically violent but "virtually violent" they are actively and willfully stopping service that they have no right to interfere with).

      --
      "I opened my eyes, and everything went dark again"
  29. Discrimination is wrong for any reason by Pablonius · · Score: 1
    Face it... This ISP was just lazy...

    There was nothing stopping them from putting this account onto a completely separate network with a smaller bandwidth (and thus fewer customers sharing the same bandwidth) and leave the majority of their customers on another (unaffected by DOS) network. It was just easier for them to pull the plug than to go to the trouble of moving some machines or accounts around to protect their main cashflow. Maybe this concept is another form of Separate but Equal (and I hope it's not...), but this problem could have been solved in such a way as to keep the account up and protect the ISP's cashflow.

    1. Re:Discrimination is wrong for any reason by nitedog · · Score: 1

      I think not. As an admin...I am not going to restructure the network because a dialup user who pays 10 bux a month decided to shoot off his mouth....that is totally retarded. Did you think before making that post? Did you think that the admin would have to change a lot of crap...taking far more time than it is worth simply to make a dialup happy? Some ISPs may have that kinda dedication, but they must be very large....cause the ISP I admin is not going to change how it works over a dialup..that is just dumb business

  30. Re:ISP POV- NOT by Harik · · Score: 1
    Killing the account must have come later during the "how do we prevent this from happening again" discussion. Obviously this is a stupid reaction. DOS attacks are something you can't ignore by placing your head in the ground and refusing to believe legitimate people are being attacked.

    I covered this in a previous post, so I'll be brief.

    A) Legit accounts don't get DoSed. If they do, they've been cracked. The account provoked the attack by their behavior, 99.9% of the time on IRC, and 95% of the time in the course of channel wars.

    B) Secondly, terminating the target is the FIRST thing you should do. This means the DoS has succeeded, and generally means the attacker gloats in his attack and turns it off. (After all, they're (wrongly) afraid of the FBI coming after them, so why leave it on if it's done its job?) Once they see the victim's bot part IRC, they know they've got it. Mind you, this brings up another major point. On the Internet, DoS attacks WORK. As long as they work, they will happen. If you don't terminate the account, it will be kept offline by DoS until the attacker gets bored. It is The Fastest way, by far, to end an attack.

    As for tracing it back to the source, why bother? Unless you're yahoo or amazon or e*trade, nobody is going to prosecute the kids involved. Period. I've tried. Nobody cares unless you're a big DotCom. Law enforcement is generally completely incompetent and the few people who can do their job are busy doing it (But only for the major cases).

    I've also found that reporting cracked boxes and misconfigured network amplifiers is a waste of time. If the admin has two braincells to rub together, they've fixed it already. If they don't, you've just volunteered to fix them, for free. Too bad the kids aren't doing rm -rf * on roothack boxes anymore, that'd at least shut the damned things down.

    --Dan

  31. Re:Come on!, get realistic by Harik · · Score: 1
    Dropping the user may solve their immediate problem, but it also hands victory to the attacker, thereby encouraging him, thereby guaranteeing more attacks in the future.

    It doesn't work that way, actually. People comparing this to terrorism are all wrong. In this case, the terrorists have already achieved their goals. Whatever their target was is offline. At that point, all you can do is try to contain the damage, much like the fire department putting out the fires after a bomb blows up a building.

    But then again, RL metaphors suck anyway.

    --Dan

  32. Re:Preventing Smurf and Simlar attacks by Harik · · Score: 1
    Actually, from what I understand, an upgrade to Cisco's newest IOS will prevent most DoS attacks. I think the default setting is to block all packets that are identified as DoS packets. Also, do you really need to allow ping? If you are checking to see if your web server is running, just do:

    I'm not sure what feature of the new IOS magically prevents DoS attacks. In fact, I know that rejecting addressed broadcast has been around at least since 11.x. Filtering outbound packets based on source has been around forever as well. The problem is that if ONE ISP somewhere doesn't filter spoofed addresses, and ONE network somewhere doesn't reject addressed broadcast, an entire class of attacks is still possible.

    In fact, even if there were no broadcast multipliers anywhere, that one ISP could still be used to send out the source-forged command packets to the 'zombie' flood networks.

    And telling people to turn off ping is a bad idea. Huge sections of the net are broken because idiot admins think that ICMP=Ping, and thus PMTU discovery breaks, packets get blackholed because no ICMP errors are returned... Not Good.

    --Dan
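
The three filters named in the comment above (dropping spoofed sources on the way out, rejecting addressed broadcast, and not treating all ICMP as ping) can be sketched as a small policy evaluator. This is an added example, not part of the original thread; the prefixes, the `Packet` type, the policy names and the function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan (RFC 5737 documentation ranges), not from the thread.
CUSTOMER_NETS = [
    ipaddress.ip_network("192.0.2.0/25"),
    ipaddress.ip_network("192.0.2.128/25"),
]

# ICMP types/codes that matter here (RFC 792, RFC 1191).
ECHO_REQUEST = 8
DEST_UNREACHABLE = 3
FRAG_NEEDED = 4  # code under type 3; Path MTU discovery depends on it


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                       # "icmp", "tcp" or "udp"
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


def in_customer_space(addr) -> bool:
    return any(addr in net for net in CUSTOMER_NETS)


def is_directed_broadcast(addr) -> bool:
    # The all-ones host address of a subnet; the all-zeros address is included
    # because some old stacks answer it as a broadcast too.
    return any(addr in (net.broadcast_address, net.network_address)
               for net in CUSTOMER_NETS)


def egress_verdict(pkt: Packet) -> str:
    """Packet leaving the ISP: only our own prefixes may appear as source."""
    if not in_customer_space(ipaddress.ip_address(pkt.src)):
        return "drop: source not in our prefixes (spoofed)"
    return "permit"


def ingress_verdict(pkt: Packet, icmp_policy: str = "errors-only") -> str:
    """Packet arriving from upstream.

    icmp_policy:
      "drop-all"    - the 'ICMP = ping' mistake
      "errors-only" - refuse echo requests, keep ICMP error messages
      "allow"       - no ICMP filtering
    """
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if in_customer_space(src):
        return "drop: our own prefix arriving from outside (spoofed)"
    if is_directed_broadcast(dst):
        return "drop: directed broadcast (smurf amplifier)"
    if pkt.proto == "icmp":
        if icmp_policy == "drop-all":
            return "drop: icmp"
        if icmp_policy == "errors-only" and pkt.icmp_type == ECHO_REQUEST:
            return "drop: echo request"
    return "permit"


def pmtu_survives(icmp_policy: str) -> bool:
    """Does a 'fragmentation needed' error still reach a customer host?"""
    frag = Packet("198.51.100.7", "192.0.2.10", "icmp",
                  DEST_UNREACHABLE, FRAG_NEEDED)
    return ingress_verdict(frag, icmp_policy) == "permit"


if __name__ == "__main__":
    # Constructed sample traffic.
    print(egress_verdict(Packet("203.0.113.5", "198.51.100.7", "icmp", 8, 0)))
    print(ingress_verdict(Packet("198.51.100.7", "192.0.2.127", "icmp", 8, 0)))
    for policy in ("drop-all", "errors-only", "allow"):
        print(policy, "-> PMTU discovery works:", pmtu_survives(policy))
```
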

  33. Re:ISP POV- NOT by Harik · · Score: 1
    The small percentage is what I concentrate on when attempting to block DoS attacks. I could care less if a skript kiddie gets punted offline, but if someone is legitimately being attacked, I will (and have) do whatever it takes to keep them online. This generally means getting specific upstream blocks put in place.

    --Dan

  34. Re:I'm all for this idea! by Harik · · Score: 1
    How about a more useful blacklist. Say, how about "Drop packets from these networks, they allow source-forged packets out unto the global internet."

    How about blocking any BGP routes advertised by ASs that have refused to fix their broadcast amplifiers?

    Basically, fix the problem at the source rather than forcing ISPs to spend hundreds of times more effort cleaning up the mess afterwards. (Hint, kids, dialup is a losing business at best. Want all the ISPs to just do webhosting and leave the dialup to the telcos? We _KNOW_ how friendly they are. Right?) Basically, on your proposed blacklist you can list any ISP not backed by a mega-corp, since all the competitive, geek friendly and *GASP* shell-access ISPs are the small guy.

    And here's another hint: There usually are "innocent victims" of DoS attacks. If they truly didn't do it, it turns out that they gave their password out to 'a friend' who leaked it out to IRC. That right there is abuse worth getting kicked for.

    That said, I will say that occasionally the DoS is malicious, rather than retaliatory. One was aimed at a MUD that the attacker didn't get his way on. A few have been takeovers of specific IRC channels that are not your usual skript-kiddie hangout. Those are the only types I'll take any action to protect. If I find war-bot tools in your account after a DoS, you're gone. If you gave out your password, you're gone. If you go out trolling on IRC, you get a warning. Once.

    And hey, talk to your ISP. If that's their attitude you've found an intelligent one because they WILL let you run services on their hardware. They WON'T portscan your machine for servers. They will do everything in their power to protect you _IF_ you are honest (and responsible). But why in hell should I waste time protecting the next generation of net.vandals? Being a skript kiddie is not a free speech issue. It should be a one-way ticket off the internet.

    --Dan

  35. ISP Viewpoint by Harik · · Score: 2
    Well, having had to deal with this more times than I care to recall, let me share with you some of my thoughts on it.

    First off, before everyone gets indignant, I have very rarely seen an 'unprovoked' DoS attack. More often, you have a skript kiddie of your own attempting a channel takeover of some other skript kiddie. At that point, the two escalate hostilities until someone brings out the BFGs... smurf, TFN, whatever. If your kiddie does it first, you get to save your logs for when the FBI comes with a subpoena. If he isn't as quick on the draw, you wait for the other kiddie to get bored before you can get your business back online. Either outcome sucks.

    The first thing I do when I see a DoS is I take out whatever their target is. It's gonna get killed anyway, might as well hurry up the process. If it's a colo, their ethernet goes. If it's an eggie, it dies. If it's a dialup... well, it's already offline. I disable the account.

    Second stage is to determine _WHY_ the attack happened. I generally don't bother calling the kiddie in question because they always lie about what they were doing, when a quick glance at their eggdrop tells you what hostilities were involved. This usually involves lurking on IRC. I have yet to deal with a non-IRC related DoS.

    Now, occasionally you have a legitimate user with a legitimate bot running their own channel. They get nuked/DoSed, etc as part of the takeover. In which case you re-enable their account and say 'sorry'. That's perhaps 5% of the time.

    As for 'differing religious viewpoints' that translates in English to 'Trolling for jesus in #foo' where foo generally is a gay pride group. They're wrong, but your client was rude. He (it's always he) needs some cool-off time.

    Finally, I'd like to point out that it's a balancing act. You've got to balance the serious stretch of 'free speech' of one user versus the legitimate, responsible right to free speech the rest of your users need to have. A DoS doesn't just silence one person, it silences everyone in the area. Is it right to silence one? No. Is it less wrong to uphold the rights of the (responsible) majority? Yes.

    --Dan

    1. Re:ISP Viewpoint by nitedog · · Score: 1

      That is an excellent viewpoint on the way it works. I am not quite as nice as that, being I cancel accounts without a second thought, but the same point gets across. As ISPs we have to make money...it's how we live. I will not allow any kiddie that decided to run off the mouth put hundreds of other clients in risk.

  36. We've already won, they just don't know it yet by Julian+Morrison · · Score: 2

    "The internet treats censorship as damage and routes around it" is actually just the law of competition, recast. The internet isn't a thing, it's the concretization of a set of ideas (protocols). The protocols compete on the basis of usefulness, constantly jostling for developer and user mindshare. Any censorship, partitioning, line-cutting, whatever will just reduce usefulness and push a freer protocol up ahead.

    Nowadays the internet and globalization are applying market forces to legal systems. Business will move to follow the money, people to follow freedom, developers to follow technological momentum. Over the next few decades, you'll observe this forcing all the major governments kicking and screaming into a much more libertarian position, and you'll see the unfree remainder becoming more and more third world. Eventually, they'll come cap in hand to the IMF or whoever, and be told that the price of rescue is to strip their laws back to "no force, no fraud".

    Or in other words: "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers."

  37. Re:Come on!, get realistic by ToiletDuk · · Score: 1
    I think a much better solution on the part of the ISP would have been to contact the user, and basically say, "Hey man, we have no problem with your right to free speech, but the things you are saying and the people you are saying them to are causing problems. Please try and be more mindful of WHO you say certain things to, because those people have a tendency to retaliate against OUR systems, causing problems to all our users."

    Then if the user continued to make comments that provoked certain people, after being warned by the ISP, I would think it appropriate for the user's account to be suspended.

    If you go up to a drunk black guy in an alley and start spouting racist propaganda, you're going to get your ass kicked. If you tell a 12 year old script kiddie with a hard-on for distributed dos attacks that his kung fu sucks, your connection's gonna get raped. It's that simple. Know who you're talking to and beware of the consequences inherent in telling people with pseudo-power things they don't want to hear.

    If the ISP had instilled that warning into the user's mind, he might think twice about what he's been doing. But I do believe he should have been warned first.

    • _____

    • ToiletDuk (58% Slashdot Pure)
  38. Who? What? Where? by ratchet69 · · Score: 2

    Can we have some specifics? This has a touch of the friend-of-a-friend urban legend to it. I would like to verify that this actually happened before I get all in a twist about it.

    1. Re:Who? What? Where? by remande · · Score: 2
      I ran into this in '92 or '93; a friend of mine (not a friend of a friend) was the target. The ISP wasn't commercial; it was my college. My friend got letterbombed (I believe for being bisexual, but I'm not certain) in the days before DDOS and before even spam. My college pulled his account to protect themselves.

      I am holding back names simply because I don't think that they would appreciate the names being used here. Be assured, though, that this sort of thing did happen, at least once.

      --

      --The basis of all love is respect

    2. Re:Who? What? Where? by fyrewolf · · Score: 1
      This has a touch of the friend-of-a-friend urban legend to it.

      I was thinking the same thing. We don't know the name of the user. We don't know the name of the ISP. We don't know why he was getting hit with DoS attacks. We don't know how long this was going on.

      f.

    3. Re:Who? What? Where? by Golias · · Score: 2
      I'm with you guys on this. A second-hand account by an anonymous coward with no details about who did it, who it happened to, when it happened, or anything. That's just stupid. If somebody really was upset about an ISP over-reacting, why not name them and sic all the /. trolls on them?

      "Urban legend" is a good choice of words. This sounds exactly like the sort of story that new Internet users spam their friends with because some joke list circulated it to them, and they thought that it was important that Everybody They Know be aware of it.

      --

      Information wants to be anthropomorphized.

  39. Oh grow up ! by gelfling · · Score: 1

    Yes yes this seems draconian if we compare it to some other thing like your home mailing address but that is because that asset is hard or impossible to replace economically. ISP access is not. If you have your email from some other source unrelated to your own ISP access then changing your ISP because of whatever reason such as they kicked you off, the service was bad, blah blah blah isn't an issue. It's a commodity isn't it??

    1. Re:Oh grow up ! by Felinoid · · Score: 1

      To many an ISP account is an identity...
      To switch ISPs you must transfer that identity
      if your account is shut down on you.. this may not happen...

      I'm ok with this as long as the person losing the account did something...

      --
      I don't actually exist.
  40. Re:Humm by Art+Tatum · · Score: 1

    You mean taking away the licenses of all those who were run over with the truck, right?

  41. Internet access is not a right. by roderickm · · Score: 1

    Nobody has the right of internet access. Most ISPs have language in their T&C that allows them to terminate service on any grounds.

    Yes, it's unfair to the customer that was disconnected, but what of the fellow customers that were impacted by the DoS? You might assume that the service provider has more than one customer to serve.

    The reaction is unfair at the moment, but it's hardly censorship and is well within reason.

    rm

    1. Re:Internet access is not a right. by saridder · · Score: 1

      It's not his fault that he got DDOS'ed. I'm sure that he didn't plan on it, and yes it sucks that he got DDos'ed, but it's not right to be punished.

      --
      --- RFC 1149 Compliant.
  42. Re:Legality? by Signal+11 · · Score: 1
    PUC: Unless MediaOne is offering phone service (which they have in a couple trial markets) they aren't going to do jack. The PUC has no power over them

    Hmmm.... we got that. :)

    Media: Best Bet. Local TV Stations already view the cable company as something that cuts into their ratings. Only problem is they like sensationalism. You MAY get labeled a HACKER.

    I don't think that'll be a problem anymore. >:)

  43. Legality? by Signal+11 · · Score: 4
    Currently, most every AUP has a clause that says it can terminate your account for any reason, or no reason. Usually for legal reasons you are entitled to the unused portion of your account in the form of a refund, but that is the extent of your remedy.

    This poses a particular problem in an area that lacks competition. Take me, for example. I am a Mediaone subscriber. This happens to be the only high speed 'net access available to me. If Mediaone decided to terminate my account, where would I go for high speed access? Now, if I was on a modem around here, there are hundreds of providers.

    So, legally there might not be much I can do. However, I already have a plan for if/when this happens to me - I don't trust Mediaone. They are a bad ISP, and I have had go-arounds with them over their "security" scans on my computer (I later gave up and installed a firewall) up to where they tried to kick me off the network after a 15 minute e-mail notice for posting DeCSS. I later re-established my account there after 2 wks of going back and forth with management and the magic words "restraint of trade" finally got them to reinstate my account after I took out DeCSS. Curiously enough they didn't think any of this was related to DeCSS. So much the better, I guess.. but I digress.

    What I plan to do if/when Mediaone pulls the plug: First, contact the better business bureau and file a complaint. Second, contact the public utilities commissioner and file a complaint specifically outlining their monopoly on high speed access combined with their AUP as having an adverse impact on the marketplace, 3) file a complaint with the commerce department in my state, 4) go to the local press if they do something really stupid (like what happened to these poor guys - who didn't do anything). In short, my strategy will be to generate so much bad PR and get so many people calling mediaone and asking about it that they take the better part of valor and give me my account back. I may not have legal remedies, but that is no reason not to make things difficult for them. In short, there are other options...

    1. Re:Legality? by Kagato · · Score: 2

      Ahh, nice idea about what to do, but really some of the ideas are just a waste of time:

      BBB: That's a laugh, the BBB is great when weeding out small companies, but no one checks with the BBB before getting cable.

      PUC: Unless MediaOne is offering phone service (which they have in a couple trial markets) they aren't going to do jack. The PUC has no power over them.

      Trade Commission: Nice idea for long term, but there usually aren't customer advocates to work directly on your problem. After a bunch-o-complaints they may use your case as an example.

      Media: Best Bet. Local TV Stations already view the cable company as something that cuts into their ratings. Only problem is they like sensationalism. You MAY get labeled a HACKER.

    2. Re:Legality? by geekoid · · Score: 1

      Don't forget to contact the ACLU if they close your account if it involves free speech/expression/religion.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  44. Feeding the Crocodile by leonbrooks · · Score: 1

    To play the devil's advocate, if an ISP sees a DDoS against one client, and the removal of that client will allow hundreds of other clients to retain access, the ISP should remove the one for the good of the many.

    "Oh, goody," say the black-hat bullies, "we can throw our weight around and get people kicked off the Internet. Let's do it again!"

    You can't pacify a crocodile by throwing it steaks. I prefer using a javelin through the head, preferably from behind a nice strong fence.

    --
    Got time? Spend some of it coding or testing
  45. Re:way off topic, so no +1 bonus used... by Wench · · Score: 1

    Yeah, ok. But beware of the over-quick simple solution.

    If I was dictator, I say "Yeah, you can have an abortion, but you must take this 5-year NorPlant implant too, and removing it for anything other than life threatening circumstances (or failure of the device) will bar you from ever getting another abortion...".

    This is not a nice thing to say to a rape victim who wants to have a kid with her husband sometime in the next couple of years. Or for a different can of worms, a woman carrying a badly disabled brain damaged fetus.

    --
    No matter how cynical you become, it's never enough to keep up.
  46. Choice is not a sufficient reason for denial by kels · · Score: 1

    So by your logic, it would be OK for an ISP to deny access to Catholics, for example, because, after all, they could choose to become Protestant? Or maybe it's OK to refuse service to Democrats, or members of the Sierra Club, or someone who's been divorced, or someone who works for Microsoft.

    That sure wouldn't hold up for a restaurant to deny service on these grounds, it shouldn't hold for an ISP either. This kind of discrimination isn't the same as racism, but that doesn't make it OK.

    --
    "I believe that the cult of the particular brings only death - for it bases order on likeness." St.-Exupery
  47. The many can take care of themselves by TrentC · · Score: 1

    What is justice? Is it just to be without Internet service because your neighbor irritated a kiddie with a script?

    No, it's seeing the script kiddie held responsible for his actions, and forced to make restitution. You don't deal with terrorists; it only encourages them.

    Sure, it's your neighbor this time, so you don't speak out. Then who will be there to speak out for you when your ISP suspends your account because you cheesed off Mr. 3l33t?

    Jay (=

    1. Re:The many can take care of themselves by KyleHa · · Score: 1

      I agree that punishing the source of the attack is the best solution in a perfect world, but in the vast majority of real DoS attack cases, that solution is not available.

      As I see it, there are three (right) ways to attack this kind of problem: (1) technical, (2) social, and (3) legal.

      If we had a technical solution, we'd be using it.

      Social solutions aren't going to work well on the kiddies since they're so anti-social anyway. (Imagine the laughter at a "just say 'no' to scripts" campaign.)

      The laws are already in place. To enforce them requires the death of anonymity on the Internet.

      Again, I agree that punishing the source of the attack is the best idea, but the reality doesn't support that solution. What do you do when you have five customers on the phone all complaining that their service doesn't work? If you called your service provider about this problem, and their response was, "well, ideally we'd be able to punish the person causing this, but we can't, so we're just going to ride it out, hope it doesn't happen again, and let your service suffer in the meantime", how would you react?

      If I'm just going to decide that some of my customers won't have service, why not make it the smallest number possible?

  48. Re:Reward DoS attacks by BJH · · Score: 1


    It sure is easy to insult other people's viewpoints when you're not putting your name to what you say, isn't it? He's got a valid point. What's your argument? "We'd lose money." Great.

  49. Common Carrier Status by Detritus · · Score: 3

    With the Internet rapidly changing into an integral part of our society, we should consider regulating ISPs as common carriers, esp. DSL and cable modem ISPs, who have little or no competition. A common carrier can't refuse or terminate service at will. They must have a legally valid reason, such as not paying your bill. They can't terminate you because you have controversial views or are a pain in the ass to deal with.

    --
    Mea navis aericumbens anguillis abundat
    1. Re:Common Carrier Status by bob+dobalina · · Score: 1

      "A common carrier can't refuse or terminate service at will. They can't terminate you because you have controversial views or are a pain in the ass to deal with."

      I understand this is true in the legal sense, i.e. there are laws which forbid discrimination of this sort. But if you're arguing in the moral sense, the "it just isn't right" sense, my answer is "well, why not?"

      Ignoring the various laws on the books about this for a second and arguing in the strictly moral sense (i.e., what is proper and improper), an ISP has the right to refuse and/or terminate service to any user it wants. And this is for precisely the same reason you may see disclaimers in restaurants that say "we reserve the right to refuse service to anyone".

      When it's your property (routers, servers, boxes, etc) and your service (net connection) that you are allowing people to use, and you collect $$$ in return, you are engaged in an agreement with the user. And if the user intentionally or inadvertently brings harm to you, your property or your service, you have the right to bring a stop to it. This happens all the time in the real world: restaurants refuse service, advertisers pull spots from a controversial TV show, Wal-mart pulls music from its shelves it finds offensive.

      If a user brings disrepute or downright damage in the form of DoS attacks, the ISP has every right to terminate service. Now, if such termination is unwarranted in some form of contract specified and agreed to by ISP and user, THEN you've got a case. But otherwise, it's simply a matter of protecting one's own name, reputation and/or quality of service.

      B

      "how dare you call them dogs? they're 'siberian american huskies'." -- Mark Adkins

      --

      B

      "I'm payin' taxes, but what am I buyin'?" -- James Brown

    2. Re:Common Carrier Status by bob+dobalina · · Score: 1
      What about phone service or electric? "We reserve the right to refuse service to anyone for any reason" would be a problem in that case because you have no real alternative provider. You paid your bills on time, were always polite on the phone, turned off the lights when you left the room, but the phone and electric companies shut you off because you were a pinko, commie linux user.

      Well, the problem with "basic necessities" like water, electric, gas, etc. is that they are regulated industries, and as such usually a local provider has a gov't.-mandated monopoly over a given region. In this case, you're absolutely right: it's not fair for companies to refuse service, because by law, there are no alternatives. By law, these companies are required to provide service if so requested (and even during certain times of year, such as winter up here in the northeast, regardless of customer payment status).

      But even in regard to such basic necessities as power, water, heat, etc., in a free market, companies have the right to refuse service. And in a free market, there's nothing to stop a competitor from offering the service or the customer from supplying his own. People out in the Mojave Desert have no phone access, no power lines, no water lines; they provide their own.

      People are entitled to things like power, heat, water, food only insofar as they are entitled to either provide themselves with it or enter into voluntary agreements with others to have it provided to them. People are NOT entitled to these services simply by virtue of being a human alive in the 21st century.

      --

      B

      "I'm payin' taxes, but what am I buyin'?" -- James Brown

    3. Re:Common Carrier Status by Fishstick · · Score: 2

      >And this is for precisely the same reason you may see disclaimers in restaurants that say "we reserve the right to refuse service to anyone".

      Sure, but you can walk right across the street and be served at McD's or go into the corner grocery store and buy food, you won't go without food.

      What about phone service or electric? "We reserve the right to refuse service to anyone for any reason" would be a problem in that case because you have no real alternative provider. You paid your bills on time, were always polite on the phone, turned off the lights when you left the room, but the phone and electric companies shut you off because you were a pinko, commie linux user.

      Now, obviously a dial-up ISP is not in the same class. You can go 'across the street' and sign up with another provider and be spreading your liberal views on the net in under an hour. But the original poster's point was about DSL and Cable where there are fewer choices and being cut off would be similar to having your phone, water, gas, electric disconnected.

      I think it is an interesting question. Does internet access rise to the level of household necessity like water, power, phone, heat that requires some regulatory protection? I don't happen to think so.

      The cable company can deprive me of cable TV and cable internet access. They can shut off my cable and I'd have to put my antenna back on the roof or get a DBS dish. I'd lose my cable-modem and since I'm 20,000 feet from the CO so I can't get DSL, I'd have to go back to dialup. It would suck, but it isn't like I wouldn't be able to heat my house, cook food, take a bath, order chinese, etc.

      --

      There is much cruelty in the universe, John.
      Yeah, we seem to have the tour map.

  50. Re:Not a rights violation, but a trust violation by finkployd · · Score: 1

    As an administrator at an ISP, I'm well aware of the need to watch the bottom line, but I would think twice before suspending a user's account on the grounds that they were being attacked. That's not good customer service, and it's definitely a bad precedent to set.

    But wouldn't it be just as bad to constantly put other people's connections at risk and force them to endure outages over one person's page? I'm not saying that you shouldn't stick up for the person, but wouldn't a time come when the other customers have to be thought of also? (I've never worked in the ISP industry, so I'm not too well versed on their internal policies)

    I'm assuming that there is a back story to this and this is probably not the first time this person has had trouble (otherwise, they are REALLY overreacting). Also, we don't know if they are pursuing this matter any further. I'm inclined to believe they would, if nothing else to ensure the same people don't do it again to someone else.

    Finkployd

  51. "Your Rights Online" were not violated by finkployd · · Score: 2

    No ISP has any kind of 'obligation' beyond what is in their terms of service agreement. If they put in a clause that they can cancel your account for any reason (which many do) then they can do just that. People whining about their 'rights' need to stop and actually look at what those rights are. You have a right to speak, not a right to be heard. If a newspaper doesn't want to print your article, or a publishing company doesn't want to publish your book, they are not infringing on your rights anymore than an ISP that doesn't want to host your website.

    An ISP is a business, they look out for the bottom line. Many cannot afford to go off fighting crusades on behalf of a single customer that is getting DDOSed or attacked by Mattel for some imaginary copyright violation. I imagine you would not like it if your internet service was down all the time because one customer's site was being attacked.

    Stop attacking the ISP every time this happens. They are only being smart.

    Finkployd

  52. Greater Evil? by Rahga · · Score: 2

    Well, who's really worse, the ISP for wanting some of its bandwidth back in order to protect its other customers, or the fscking script kiddies?

    It's a lose-lose situation. The internet looks more and more like the real world, where stupid people do selfish, evil bullshi+ in order to force their target into submission.

    Life is too short, folks. If you are a script-kiddie, get a clue and stop fscking with my time. If any of you could please try to explain why the fsck revenge and bullshi+ attacks are so important to ya'll, I'm all ears.

  53. Re:Somehow I'm not surprised. by orpheus · · Score: 2

    That's an extremely short-sighted view.

    First, calculate the income from all the accounts you close, times the duration of each account. In other words, for a $20/mo account, you lose $240 per year. If you cancel only one account a month, you'll lose $2880 over the next year. Each year, your losses increase (i.e. in 2003, you lose the income from the accounts you closed in 2000, 2001, 2002, as well as the accounts you close in 2003).

    This probably scales with the size of the ISP: a small ISP may close 12 accounts a year. A larger ISP may close 50. The losses add up rapidly, even if you forget goodwill and reputation.

    Meanwhile, by not implementing proper anti-DoS measures, the entire ISP is wide open. This can cost you a big chunk of your total business. Prudence demands proper anti-DoS measures to protect the ISP (and incidentally, the users).

    *THAT* is the bottom line for ISPs today

    An ISP whose head isn't in the sand will also realize that they are actively contributing to the growth of DoS, and their losses will mount exponentially.

    Quite a price for not doing proper sysadmin!

    --

    If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime

  54. Re:Think of this from the ISPs point of view by Mullen · · Score: 2

    Have you ever dealt with a poorly run/don't-care ISP? (I know you have, you work at an ISP, but it's a rhetorical question.)

    Dealing with Dumb ISP Admins is a losing battle from the beginning. I work at a company that provides Email and domain hosting, and we deal with ISPs that relay spam, flood our DNS and generally are misconfigured. When you contact about half of them, they don't care.

    I hate to say it, but deleting an account to keep from dealing with a problem that causes us to lose business is the way to go. Ya, I know, it sucks, but dealing with other stupid admins at other ISPs in tracking down problems is not worth the business of one domain.

    --
    Linux O Muerte!
  55. I Doubt the Validity of this Post by InitZero · · Score: 1

    My gut reaction is that this is simply a hoax or urban legend. Unless someone can supply a first-person account, I'm going to write it off and think less of Slashdot for posting hearsay.

    There may be a kernel of truth in the story but I bet it is along the lines of someone having to pay per byte.

    See if this doesn't ring more true. A user has an offensive web site up. Someone or a group of someones DoSes the site. A person who is used to paying $19.95 a month suddenly finds himself hitting the bandwidth clause in his boilerplate user agreement. Something along the lines of 'base rate covers up to 750 mb of data transfer a month; all usage above that will be rated at $25 a gig'.

    The user gets his bill for $700 and says that he won't pay it because the hits and transfers came in the form of a DoS over the course of 30 hours. ISP says 'tough, pay the bill or be cut off'.

    Web site owner (possibly a script kiddy himself) gets on IRC/Slashdot/etc. and tells this half truth that his ISP killed his account because of a DoS. Internet becomes enraged. Etc.

    Sound more likely?

    Of course, this really could have happened just like the submission says. But I doubt it.

    InitZero

    1. Re:I Doubt the Validity of this Post by mpost4 · · Score: 1

      Sounds like that is something that would happen.
      What I think, though, is that an ISP (at least in this day and age) should put up some kind of protection from a DoS attack, to help the customers who could be hit that way. How hard could it be? (Correct me if I am wrong in the following assumption.) But don't all DoS originate from the same location (I will assume same IP here), and if so, could one put a limit on how much a location can get?
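
Added example, not part of the comment above or of the original thread: a per-source token-bucket limiter of the kind the comment asks about, run over constructed traffic. The class and function names, the rate and burst values and the addresses are assumptions; the second traffic set goes beyond the comment's same-IP case to show what a per-source limit does when every packet arrives from a different address.

```python
"""Per-source rate limiting with a token bucket, run over constructed traffic."""
import ipaddress
from dataclasses import dataclass

MILLI = 1000  # tokens are counted in thousandths so all arithmetic stays integral


@dataclass
class Bucket:
    tokens: int   # milli-tokens currently available
    last_ms: int  # time of the last refill, in milliseconds


class PerSourceLimiter:
    """Allow `rate` packets/s sustained and `burst` packets at once, per source address."""

    def __init__(self, rate, burst):
        self.rate = rate               # tokens/s, which equals milli-tokens/ms
        self.capacity = burst * MILLI
        self.buckets = {}              # source address -> Bucket

    def allow(self, src, now_ms):
        b = self.buckets.get(src)
        if b is None:
            # First packet from this source: start with a full bucket.
            b = self.buckets[src] = Bucket(self.capacity, now_ms)
        # Refill for the elapsed time, never above the burst capacity.
        b.tokens = min(self.capacity, b.tokens + (now_ms - b.last_ms) * self.rate)
        b.last_ms = now_ms
        if b.tokens >= MILLI:
            b.tokens -= MILLI
            return True
        return False

    def prune(self, now_ms, idle_ms):
        """Drop state for sources idle longer than idle_ms; return how many were dropped."""
        stale = [s for s, b in self.buckets.items() if now_ms - b.last_ms > idle_ms]
        for s in stale:
            del self.buckets[s]
        return len(stale)


def single_source_flood(n=1000):
    """Constructed traffic: one packet per millisecond, all from one address."""
    return [(t, "192.0.2.10") for t in range(n)]


def distributed_flood(n=1000):
    """Constructed traffic: same packet rate, but every packet from a different address."""
    base = ipaddress.IPv4Address("198.18.0.0")  # benchmarking range, used as sample data
    return [(t, str(base + t)) for t in range(n)]


def accepted(packets, rate=10, burst=20):
    """Count the packets a fresh limiter lets through."""
    limiter = PerSourceLimiter(rate, burst)
    return sum(limiter.allow(src, t) for t, src in packets)


if __name__ == "__main__":
    print("single source:", accepted(single_source_flood()), "of 1000 accepted")
    print("distributed:  ", accepted(distributed_flood()), "of 1000 accepted")
```

The per-source state table grows with the number of distinct sources seen, which is why `prune` exists.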

  56. Re:Come on!, get realistic by Helge+Hafting · · Score: 1

    Usually the goal is to shut the person up permanently. A DoS attack won't itself do that, as it can't be maintained indefinitely. But if the ISP on which the target resides kicks them off, well...

    And the solution? DOS'ing any ISP with this policy.

  57. Re:Get a grip people!! by Todd+Knarr · · Score: 2

    First, cancelling the account of the victim probably won't shut down the DoS attack, at least not for quite a while. The attacker has to notice that his target's not there anymore before he'll stop.

    Second, regarding the nudist-in-WalMart analogy. The nudist might be removed, but he will be removed for his disruption of business. Cancelling a DoS victim's account is more akin to throwing out other people in the store because the nudist might make them gawk and that might disrupt business. Which just plain doesn't make sense.

    You might want to think about the consequences if it becomes acceptable to terminate your service because someone else has taken an irrational dislike to you and decided to attack you.

  58. Not a rights violation, but a trust violation by The+Vorlon · · Score: 1

    You're correct in saying that an ISP is under no obligation to provide service in this kind of situation. And, the victim probably can't sue the ISP.

    But he sure as hell can make it known in the community that this ISP won't stick up for its customers.

    As an administrator at an ISP, I'm well aware of the need to watch the bottom line, but I would think twice before suspending a user's account on the grounds that they were being attacked. That's not good customer service, and it's definitely a bad precedent to set. Let it be known that you'll suspend your users' accounts if they come under attack, and suddenly a lot more of your users' enemies will come out of the woodwork. Suddenly, DDoS is a very, *very* effective tool for getting rid of people you disagree with.

    Now, the ISP may have suspended the user to protect their other customers while they pursued prosecution of the offenders; but that's not the impression I get here. If that were the case, I doubt anyone would've had cause to object to the ISP's behavior. A modem line that's being DDoSed probably isn't going to be all that useful to the user anyway...

    Then again, this story is based on hearsay and second-hand quotes, so who knows what really happened. If the Slashdot editors are interested in our reaction to a hypothetical situation, then yes--an ISP which suspends the users' account instead of prosecuting the culprits should get all the bad press we can muster. But if we're talking about a real ISP, then things probably aren't so cut and dried.

    1. Re:Not a rights violation, but a trust violation by The+Vorlon · · Score: 1

      The following remarks are the result of my internal thought processes, not of any policies we have in place at work. :)

      As others here have pointed out better than I, there are two compelling reasons for an ISP that's looking out for its long-term interests to not suspend a user account in a situation like this.
      1) Suspending the account won't have an effect on the DDoS while it's in progress.
      2) It gives the attackers what they want.

      A lot of posters have assumed that the goal of the attack was to take out the user's homepage, but there's nothing in the original article to suggest that. In fact, since the ISP was able to figure out who the target was, it most likely was not a web page they were after, but the user's dialup account instead. (After all, how would the ISP link the attack to a specific user account on the web server?) So there's no easy way for the attackers to tell that the user's been disabled, which means the attack will probably continue for some time no matter what. The other customers' connections will suffer even if you suspend the targeted user.

      So at this point, you might as well do the moral thing and prosecute the snot out of the little twerps.

      Of course, if you leave the user's account on, you'll want to have a chat with him to make sure he understands his responsibilities in this situation, as well--such as not doing stupid things to let his attackers find his IP in the future...

  59. Re:This just gets worse and worse. by TWR · · Score: 1
    What a way to welcome in D-Day. Every year since 1944, we have been losing more and more freedom. Geez, in the late 40's and 50's the government tried to prosecute people for their political beliefs.

    Man, when is basic knowledge of American history going to actually be required before people spout off on how much things have gotten worse?

    Ever heard of the Alien and Sedition acts (no, they don't have anything to do with the X-Files)? How about the Palmer raids? Those are just two lovely examples of governmental infractions of political opinion. The A & S acts date from 1798 (passed by many of those founding fathers that American knuckleheads worship) and the Palmer raids took place in 1919-1920. (Use Google to look them up; it's not my job to completely educate every nincompoop that posts.)

    Losing political freedom is nothing new, even in the good ol' US of A.

    -jon

    --

    Remember Amalek.

  60. Re:This just gets worse and worse. by TWR · · Score: 1
    governmental infractions of political opinion

    I need to proof myself better before posting. Replace that with "governmental suppression of political opinion." Going one way, fingers go another...

    -jon

    --

    Remember Amalek.

  61. Re:This just gets worse and worse. by TWR · · Score: 1
    Sheesh, yesterday I'm accused of bashing Canada for pointing out the US' declining crime rate and Canada's past and present racial troubles. Today I'm bashing the US for pointing out basic American history facts. Some consistency, please... ;-)

    The historically illiterate post I was replying to implied that the US government has, since the end of WWII, become more repressive of free speech and that this was a new trend. I was pointing out that this was not, in fact, a new trend. I was pointing out that the self-same founding fathers, who could do no wrong in the eyes of flag-waving Yahoos across the fruited plain, were responsible for an amazingly reprehensible law. My post had nothing to do with the crimes of other countries. The fact that your post was moderated up is proof that the ability to read standard English isn't a requirement for either posting or moderating.

    IMHO, the US has been far better at protecting the rights of its citizens than the vast majority of countries in the history of, well, history. But let's get some historical perspective here. The fight for free speech isn't a new development in American history, but an on-going struggle.

    -jon

    --

    Remember Amalek.

  62. A proposed catch 22 by Felinoid · · Score: 1

    I want ISPs considering this action to think about this...
    What actions are you willing to take to prevent a DoS attack?
    A user posts something on Usenet that is unpopular.... For that he is targeted for a DoS.. You remove the user? Or do you hunt the DoS attacker?
    A user posts on Usenet... regardless of content... is included in a spam mail bomb that knocks e-mail off-line. Do you remove the user for posting on Usenet?
    A user sets up a website and his HTML skills (or lack thereof) a spelling error.. the inclusion or omission of a technology... draws attack...
    Do you remove the user?
    The user uses IRC and refuses to use ICQ.. or vice versa.. makes him the target... What then?
    Maybe someone doesn't like Unix... or Windows... or MacOS... DoS the servers...
    Do you let DoS attacks decide your business plan? Do you let DoS attacks pick your servers? Do you let DoS attacks pick your employees?
    If you answer no to all of the above you shouldn't let a DoS attack pick your customers either... If you say yes to just one of the previous... then you shouldn't be in business....

    A DoS is an act of terrorism and you never allow terrorists to run your life...
    If you do then shortly terrorists will decide your religion... and every aspect of your life... and even that will not be enough...

    No ISP should cancel a person's account simply for being the victim of an attack...

    An ISP can remove a person for his misconduct on-line. ISPs need not grant any free speech rights.
    But to remove a person for a violent reaction is unethical.. immoral.. and quite possibly a breach of contract...
    Do you fear lawsuits less than DoS attacks?

    --
    I don't actually exist.
  63. Re:My ex-ISP and DDoS and me by Felinoid · · Score: 1

    Who is this mystery ISP...
    making it public that the ISP has a victim cancel policy would make people think twice before using that ISP.
    Leaving it with a bad name may have more damage than any lawsuit could produce

    --
    I don't actually exist.
  64. Re:kill a user to save a network? yep. by Felinoid · · Score: 1

    As long as the ISP does reactivate the account.
    However the ISP should inform the user of what is going on...
    In this case either the ISP is not reactivating the account or the ISP is not telling the user what is going on...
    Either is bad...

    --
    I don't actually exist.
  65. Re:I agree with the ISP by Felinoid · · Score: 1

    It does not make perfect business sense...
    Do you wish to have your account pulled because you got DoSed?
    Or better yet... too much spam...

    This isn't good business sense at all...
    Now script kiddies know what to do when they want someone removed from the system...
    They don't even have to provide an effective DoS.. An ineffective attack will do... either way you're eating bandwidth... and that's all it takes...

    --
    I don't actually exist.
  66. The real problem: too many Lawyers by Midnight+Thunder · · Score: 1

    Actually the real problem is that there are too many lawyers without any real jobs. I reckon we should probably limit the number of people getting into law school and shove them into healthcare, or something, where there is a lack of qualified people.

    --
    Jumpstart the tartan drive.
    1. Re:The real problem: too many Lawyers by Tetsujin28 · · Score: 1

      Actually the real problem is that there are too many lawyers without any real jobs. I reckon we should probably limit the number of people getting into law school and shove them into healthcare, or something, where there is a lack of qualified people.

      Ah, yes -- let's forcibly determine peoples' careers based upon what the collective requires. That'll help us preserve freedom. Sure!


      --------------------
      "It's that guy!"

      --
      - - - -
      The real Tetsujin 28 is a giant robot.
  67. Re:ISP POV- NOT by Midnight+Thunder · · Score: 1

    This is one advantage of having dynamic addresses. Since your users all have dynamic addresses it is hard for the attacker to get the right computer every time. It is also a good idea to keep a log of the address allocation, in case someone from your end is the source of the DoS attack.

    --
    Jumpstart the tartan drive.
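
Added example, not from the thread: one way to keep and query the address-allocation log mentioned in the comment above, so that an address and timestamp from an abuse report map back to the account that held the address at that moment. The log format, account names and addresses are constructed for illustration and are not any real DHCP or RADIUS format; the log is assumed to be in chronological order with UTC timestamps.

```python
"""Map (IP address, time) back to an account using a dynamic-address allocation log."""
import bisect
from datetime import datetime, timezone

# Constructed sample log: <UTC timestamp> <ASSIGN|RELEASE> <address> acct=<account>
LOG = """\
2000-06-07T09:00:00Z ASSIGN 192.0.2.44 acct=alice
2000-06-07T09:05:00Z ASSIGN 192.0.2.45 acct=bob
2000-06-07T10:30:00Z RELEASE 192.0.2.44 acct=alice
2000-06-07T10:31:10Z ASSIGN 192.0.2.44 acct=carol
2000-06-07T11:15:00Z RELEASE 192.0.2.45 acct=bob
2000-06-07T11:20:00Z ASSIGN 192.0.2.45 acct=dave
2000-06-07T12:00:00Z ASSIGN 192.0.2.45 acct=erin
"""


def parse_ts(text):
    """Parse the log's timestamp format into a timezone-aware UTC datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_index(log_text):
    """Return {ip: [(start, end_or_None, account), ...]}, each list ordered by start."""
    index = {}
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 4 or not fields[3].startswith("acct="):
            raise ValueError(f"line {lineno}: malformed record")
        ts, event, ip, acct = parse_ts(fields[0]), fields[1], fields[2], fields[3][5:]
        leases = index.setdefault(ip, [])
        open_lease = leases[-1] if leases and leases[-1][1] is None else None
        if event == "ASSIGN":
            # A missing RELEASE record: the new assignment ends the previous lease.
            if open_lease:
                leases[-1] = (open_lease[0], ts, open_lease[2])
            leases.append((ts, None, acct))
        elif event == "RELEASE":
            # Only close the lease if it belongs to the account named in the record.
            if open_lease and open_lease[2] == acct:
                leases[-1] = (open_lease[0], ts, acct)
        else:
            raise ValueError(f"line {lineno}: unknown event {event!r}")
    return index


def who_had(index, ip, when_text):
    """Account holding `ip` at the given time, or None if the address was unassigned."""
    when = parse_ts(when_text)
    leases = index.get(ip, [])
    starts = [lease[0] for lease in leases]
    i = bisect.bisect_right(starts, when) - 1   # last lease that started at or before `when`
    if i < 0:
        return None
    start, end, acct = leases[i]
    # The end of a lease is exclusive; an open lease (end is None) is still active.
    return acct if end is None or when < end else None


if __name__ == "__main__":
    idx = build_index(LOG)
    for ip, ts in [("192.0.2.44", "2000-06-07T09:30:00Z"),
                   ("192.0.2.44", "2000-06-07T10:30:30Z"),
                   ("192.0.2.44", "2000-06-07T10:45:00Z")]:
        print(ip, ts, "->", who_had(idx, ip, ts))
```

The 70-second gap between alice's release and carol's assignment shows why the timestamp on an abuse report has to be exact and in a known time zone before it is matched against the log.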
  68. Router black list by Midnight+Thunder · · Score: 1

    Given that there is already a list listing badly configured mail servers, that allow people from outside the site to send e-mail, there should probably be a list allowing packet forging?

    --
    Jumpstart the tartan drive.
  69. All depends on your service contract by mattbee · · Score: 1

    I think a lot of ISPs for a lot of reasons have a policy on cheapy dial-up accounts (at least in the UK) of being able to take down your web site if it's causing them any hassle whatsoever, whether that's from DoS attacks, nasty lawyers' letters or just high traffic in some cases!

    Presumably this guy's site was not the only site hosted on this server, right? So in buckling to these script kiddies they weren't just protecting this guy's site but a whole host of others.

    I don't think what they did was that unreasonable in their position, but it's another one of those cases that's going to help shape ISP service contracts of the future. Presumably some other ISP is being paid to host his site now-- so they win, the other ISP loses for their policy of buckling to script kiddies. Though to be honest I'm not sure whether the proportion of `controversial' sites out there moving to upstanding ISPs is going to affect the bank balance of enough ISPs for this to become a big issue. (yeah yeah I know and 640K should be enough for anybody...)

    --
    Matthew @ Bytemark Hosting
  70. who's the DoS victim? by heatsink · · Score: 1

    isn't the ISP the real DoS victim here? hence, shouldn't the ISP be allowed to take steps to protect themselves?

  71. Re:It is not anything like... by Otto · · Score: 1

    there really isn't that much difference between refusing to serve food to a black man and refusing to serve food to a christian fundamentalist

    Wrong, because while the black man may complain, the fundamentalist will do his level best to send you to hell. :)

    ---

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  72. Hunh? by mindstrm · · Score: 2

    I can see how morally, there is some weird stuff going on here.. and we would all hope that the ISP would try to..
    But, like most business, they probably reserve the right to refuse service to anyone for any reason.
    This is not 'censorship'. This is not 'discrimination'. It kind of sucks.. but...
    Why should a business (that operates on slim margins as it is) jeopardize its entire business and everyone's job (not to mention internet access for thousands of people) when removing one person can solve the problem?

  73. Re:Well, was that in the contract s/he signed? by aphrael · · Score: 1

    If that wasn't in the contract s/he signed when they signed up with that ISP, then I would say (IANAL) that they could sue for damages.

    Maybe not: sometimes law is perverse, and the ISP may have the legal power to discontinue service for this sort of thing *unless the contract explicitly denies them the power.*

  74. Re:It is not anything like... by aphrael · · Score: 2

    Actually, I've always found that the biggest zealots, of any cause, are the converts.

    This is actually a well-known precept in academic sociology and political science; I wish I could cite something, but it's been a number of years since school, so my memory of that level of specific is shot ...

    As with any cultural minority, the only ones you ever notice are the ones you are least likely to like

    Sort of says bad things about multiculturalism, doesn't it --- if the only members of "them" that you notice are the ones that are on the fringe, and doing things that irritate you, but you assume that those people are representative, there's never going to be a useful dialogue ...

    There's an interesting series being run by the NYT right now about race relations (first article was about an integrated pentecostal church, and the second was about how race in Miami is different than race in Havana) which touches on this issue ...

  75. Re:It is not anything like... by aphrael · · Score: 4

    People DO choose to become fundies, skinheads, etc. And there is nothing wrong with refusing service to such groups.

    Sometimes, though, the 'choice' is a surface myth which doesn't really exist --- the vast majority of people who grow up in heavily fundamentalist families remain fundamentalist; did they 'choose' that? (This isn't a flame, really, but a serious question; the borders of the space defined by the word 'choice' are extremely fuzzy when analyzed philosophically).

    I must disagree, though, with the second part of your statement: it is not true that 'there is nothing wrong with refusing service to such groups'; aside from being simply bad economics in most cases (Marriott's refusing to rent to non-married couples, for example, would be economically absurd), there really isn't that much difference between refusing to serve food to a black man and refusing to serve food to a christian fundamentalist: they are both arbitrary decisions based on characteristics of the person which are *irrelevant to the situation at hand*. The only difference is that race is *almost always* irrelevant, whereas religion is occasionally relevant.

  76. Re:It is not anything like... by Azog · · Score: 2

    I have some big problems with your post.

    You are trying to draw a line by saying that you should not be allowed to discriminate based on what someone couldn't choose (like their race) but should be allowed to discriminate based on something they could (like their religion).

    But what you have forgotten is that on-line, no one can tell anything about you unless you say so. So it is your free will, if you say you are black, or if you say you are a Jew, or whatever.

    Obviously, I think that there is no difference - people should be protected from discrimination either way.

    What if you are black in America, and you make some postings about being black in America. Then a bunch of skinheads DOS'es you. And then your ISP terminates you to protect themselves.

    Don't you see that's almost the same as what happened here? I guess then you will say: "Well, the black guy made those postings of HIS OWN FREE WILL, so tough luck for him getting DOS'ed, and tough luck for him losing his account. There's nothing wrong with that..."

    By your argument, it would be ok for ISPs to deny service to anyone who says online that they are black, or Jewish, or gay, or whatever, because it is their own free will to say so or not.

    Wake up! Stand up for people's rights, or there will be nobody left to stand up for you when your turn comes.


    Torrey Hoffman (Azog)

    --
    Torrey Hoffman (Azog)
    "HTML needs a rant tag" - Alan Cox
  77. Becoming a liability by Cedric+C.+Girouard · · Score: 1

    It probably sucks for the user being pulled off, but being in the ISP's sysadmin's chair, I would have taken that decision too.

    Much like the insurance companies do: you get in a whole shitload of car smashes, you become a liability and eventually, all companies will refuse to sell you insurance.
    Those that do accept will charge you 4-5-6x what you'd usually pay for it.

    Let's give the user a choice. Let's bump his access charge 500% to cover for all the additional bandwidth he's using. If he wants to foot the bill, he'll pay up for the infrastructure upgrade. If not, well, be rid of him.


    --

    Marriage is considered capital punishment for the theft of a goat in some third world countries...

  78. Moral of the Story by ravenwing_np · · Score: 1
    Lesson learned from this one is that only people who can shout loudly can state their opinions. If you don't have access to a megaphone (large network pipe), any band of opponents can stifle your voice by DoS-ing your ISP and forcing them to knock you off. This is a sad day for those who think the first amendment is a good concept.

    To play the devil's advocate, if an ISP sees a DDoS against one client, and the removal of that client will allow hundreds of other clients to retain access, the ISP should remove the one for the good of the many.

    1. Re:Moral of the Story by MicroBerto · · Score: 1
      To play the devil's advocate, if an ISP sees a DDoS against one client, and the removal of that client will allow hundreds of other clients to retain access, the ISP should remove the one for the good of the many.

      Bah... only temporarily until they figure everything out and have the DoS a bit more down.

      Mike Roberto (roberto@soul.apk.net) -GAIM: MicroBerto

      --
      Berto
  79. I need to express it. by ksan · · Score: 1

    I think it's remarkable that it's an expression of a society with no see in the past. We have drop out our control over our sons and their culture and knowledge. We could just see our proud and their career, not their ability to solve major turn points; like this.
    We need more study, philosophical study. Our ethic is under attack. Why? We didn't know neither what it means.
    Ethic is primarily derived from our rules; what we consider the best practices. If we follow then we have ethics.

  80. Re:Legal by ConceptJunkie · · Score: 1

    >> the ISP really has little choice in the matter.

    Sure they do... they can do their jobs right or go out of business. They just created a big neon sign telling everyone that they are vulnerable to DoS attacks and will take down sites rather than attempt to prevent the attacks.

    --
    You are in a maze of twisty little passages, all alike.
  81. Re:Legal by ConceptJunkie · · Score: 3

    Well, for one thing, you are telling the script kiddies that if they attack a site, they can get it removed. I bet those folks are setting their sights on more sites, since their first attack was successful.

    This was incredibly cowardly on the ISP's part and they deserve to lose the business of others who realize what they have done. Meanwhile, I would suspect that the owners of the site could bring a suit based on the fact that they were shut down based (indirectly, but definitely) on their exercise of protected free speech.

    In any event, the ISP has shown their colors and if I were a script kiddie, I'd be targeting their other sites, because if they caved once, they'll cave again.

    Rick

    --
    You are in a maze of twisty little passages, all alike.
  82. Inaccurate analogy by Plasmic · · Score: 2
    As much as I agree with the general tone of this story, I don't think that the analogy used fairly represents the situation:
    "I wonder if they would have thought they could get away with this had it been 'You're black and we don't want the racists to break our windows so we ain't selling you an account.'"
    That sounds pretty good and even evokes strong emotion. But my insurance company recently told me, "You are a dangerous person and create too high of a risk of financial loss to make it worthwhile for us to continue to provide our insurance service to you. Screw you, potential loss!"

    I can't blame them. Given my past history of costing them lots of resources, they decided to drop me, even though none of the car wrecks/stolen vehicle incidents were my fault. Keeping on clients that are magnets for unnecessary expenditures is not intelligent. Potential exposures are bad, as well.

    Most ISPs' policies state that they can terminate access for any reason whatsoever at their sole discretion. In many other professional fields, these terms would be ridiculous. Nonetheless, ISPs have not been forced through competition to uphold any kind of standard. They want your money but not if it costs them resources (read bandwidth, customer complaints, downtime, network engineers, etc.).

    Does this suck? Yes. Can ISPs afford NOT to take every measure possible to avoid a massive DoS that can cost them their business? No.
  83. Re:Come on!, get realistic by TBHiX · · Score: 1

    A clarification: it isn't blackmail. It is extortion -- the threat or use of illegal methods to obtain desired behavior.

    I believe you are correct, sir. I stand corrected, in terminology if not in intent.

    -TBHiX-

  84. Re:Come on!, get realistic by TBHiX · · Score: 3

    That makes sense when limited to one single incident. However, consider the broader implication. An ISP stays in business by (as the name suggests) providing internet services. If in a given instance, they can be coerced by such tactics into removing the account they find so offensive, then the message sent is "blackmail us and we'll cave." Soon enough, said ISP cannot host any semi-controversial account, and this endangers its market position in the long run, particularly if there are ISPs willing to endure the short-term annoyances in order to pick up the business.

    In many ways, this parallels the policy of many nations (particularly the U.S.) that will not negotiate with kidnappers and terrorists. This may lead to short term tragedy, but prevents the doors from opening up on full-scale extortion by giving the impression that it can be successful. Sadly, as sometimes (often) happens in the business world, the capacity for such medium to long-term views is unable to extend past the next-quarter profits. I do not know if that is what motivates the ISP in this example, but I would not be surprised if it were so.

    Just my thoughts-in-progress,

    -TBHiX-

  85. Wait a second... by kennylives · · Score: 1

    I'm on DSL. If this kind of thing happened to me, I'd not only have to get a new account with a different provider, but I'd have to find some other connectivity method? I don't think so. This would be one of those "cold dead hands" kind of fights.

    My inner voice of reason though, reminds me that the stated case is purely anecdotal, with no citations at all. For what it's worth.

    --

    Where the value of X-Mailer: is the true measure of a man...

  86. Question Stands by quux26 · · Score: 1
    Free speech is great, but should you be sued just because *you* don't want to risk your livelihood/life/whatever to protect it?

    His question remains. Would you advocate a bank not servicing a black customer because of the high expense of windows and arson insurance? After all, if the bank gets burned by klan members then everyone loses out, right?

    My .02
    Quux26

    --

    My .02
    Quux26
    www.crashspace.net
    1. Re:Question Stands by quux26 · · Score: 1
      You wrote:
      Free speech is great, but should you be sued just because *you* don't want to risk your livelihood/life/whatever to protect it?

      I replied:
      His question remains. Would you advocate a bank not servicing a black customer because of the high expense of windows and arson insurance? After all, if the bank gets burned by klan members then everyone loses out, right?

      You replied:
      Analogies are useful for conveying concepts, but they don't prove anything. Please stop acting as if they do.

      It's a completely valid question that you're avoiding for obvious reasons. This is not apples vs. oranges. Do businesses have moral high ground if they refuse customers (blacks/dialups) on the grounds that attackers will cause the business more harm than they're "worth"?

      The cheesiest brushoffs come from AC's.

      My .02
      Quux26

      --

      My .02
      Quux26
      www.crashspace.net
  87. Re:Legal by alkali · · Score: 1

    The right to due process is a right against the government, not against private parties.

  88. Re:Legal by alkali · · Score: 1

    In a number of states, a contract for service with no defined term (e.g., "one year") or which purports to be perpetual is deemed terminable at will by either party. If this rule of contract law is applicable, a contract provision explicitly preserving the ISP's right to terminate may not be necessary.

  89. Re:Legal by alkali · · Score: 1

    If the termination violates federal or state civil rights laws, then the contract language doesn't matter. (Rights under those laws are "nondisclaimable"; i.e., it's no defense to have a contract term that says, "We reserve our right to terminate you at any time on the ground that you're a member of a minority group.")

  90. Sue them all! by Sq · · Score: 1

    The question is, if I'm the victim of a forged packet attack, can I sue Cisco for not setting their routers up to prevent packet forging?

    Yeah. And can I sue slashdot, when it does those stories that don't matter to me at all. After all they claim to provide "Stuff that matters."

  91. Re:ISP POV- NOT by Sq · · Score: 1

    A) Legit accounts don't get DoSed. If they do, they've been cracked. The account provoked the attack by their behavior, 99.9% of the time on IRC, and 95% of the time in the course of channel wars.

    That is great news! So there is a very simple way for ISPs to get rid of 99.9% of DoS -- simply firewall access to IRC ports. Sure, you'll lose a few customers that want you just for IRC, but we are speaking for 0.1% of customers.

    And you get 99.9% protection from DoS! And only one DoS will cost you much more than the yearly income from all those 0.1% IRC ex-customers!

  92. Huh? by DonkPunch · · Score: 2

    (Fortunately, we have a friendly FBI agent right next door, so we can actually GET subpoenas at 3AM)

    Since when do FBI agents have the power to issue subpoenas? That's what judges are for.

    --

    Save the whales. Feed the hungry. Free the mallocs.
    1. Re:Huh? by DonkPunch · · Score: 2

      When it's a criminal offense, you need to get the cops involved. A denial of service attack qualifies. Therefore, we contact the authorities and report a crime in progress.

      So, the next-door FBI agent contacted a judge for you?

      --

      Save the whales. Feed the hungry. Free the mallocs.
    2. Re:Huh? by QuickSilver_999 · · Score: 1

      Since when do FBI agents have the power to issue subpoenas? That's what judges are for.

      When it's a criminal offense, you need to get the cops involved. A denial of service attack qualifies. Therefore, we contact the authorities and report a crime in progress.

      --
      - No matter how subtle the wizard, a knife between the shoulder blades really cramps his style.
  93. Re:That was nothing! by Baron+Von+Fackenheim · · Score: 1

    www.citizensontheweb.com would be interested in telling your friend's story. If you are interested, please e-mail me the details.

    --
    ------------ Baron Von F.
  94. Come on!, get realistic by segmond · · Score: 2

    Come on, get fucking realistic!!! What is the ISP to do? remain down? and have thousands of other users down? If the ISP could stop these script kiddies, and didn't and chose the route they did, then that would be just plain wrong. But today, most ISPs are very powerless, especially against distributed DoS, and please don't even bring up filtering.

    --
    ------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
    1. Re:Come on!, get realistic by ucblockhead · · Score: 1

      Usually the goal is to shut the person up permanently. A DoS attack won't itself do that, as it can't be maintained indefinitely. But if the ISP on which the target resides kicks them off, well...

      --
      The cake is a pie
    2. Re:Come on!, get realistic by ucblockhead · · Score: 3

      Dropping the user may solve their immediate problem, but it also hands victory to the attacker, thereby encouraging him, thereby guaranteeing more attacks in the future.

      --
      The cake is a pie
    3. Re:Come on!, get realistic by sigwinch · · Score: 1
      If in a given instance, they can be coerced by such tactics into removing the account they find so offensive, then the message sent is "blackmail us and we'll cave."

      A clarification: it isn't blackmail. It is extortion -- the threat or use of illegal methods to obtain desired behavior.

      In this case, the DOSer is restraining lawful free speech, by obstructing the instrument of speech. In the U.S. at least, this violates the constitution and statutes. And many U.S. states have their own laws protecting free speech, so it's illegal on more than one level. It's no different than threatening to blow up a newspaper's presses if they accept certain advertisements.

      IANAL, so I'll throw out some legal questions. First, by suspending the account is the ISP colluding with the criminal in a restraint of speech and/or trade? Second, is the ISP therefore a criminal conspirator in the restraint of speech/trade violation? Third, do the ISP's actions make it liable/culpable under the Racketeer Influenced and Corrupt Organization act (RICO)? I'm no expert, but I've heard that RICO is a powerful and flexible law, which can be applied under a variety of circumstances. They used it against Martin Luther King, Jr., of all people, so using it for a clear violation of law should be easy.

      --

      --
      Kuro5hin.org: where the good times never end. ;-)

    4. Re:Come on!, get realistic by silicon_synapse · · Score: 1

      Could they just kick the victim and make him relogin to get a new IP address? I would think that would throw off the attackers while only causing a minor inconvenience to the victim. Or was the attack against the victim's web site rather than his dial-up connection?

    5. Re:Come on!, get realistic by silicon_synapse · · Score: 1

      Well there's one huge difference here. The black guy CAN'T decide whether or not to hear you make the racist remarks (even though he can stop you after he does hear). The horny 12yo CAN decide not to visit a site he doesn't like. If he doesn't like what I have to say, he doesn't have to read it. Your solution still targets the victim as the criminal and not the attacker. There will always be someone who doesn't like what you have to say.

    6. Re:Come on!, get realistic by Tetsujin28 · · Score: 1

      In this case, the DOSer is restraining lawful free speech, by obstructing the instrument of speech. In the U.S. at least, this violates the constitution and statutes.

      No, no, no. Where does this violate the constitution?

      The First Amendment -- like the rest of the U.S. Constitution -- defines and limits the power of government. It has no bearing on dealings wholly among private parties.

      Citing the First Amendment (or other constitutional provisions) when you're talking about private parties is like citing the rules of hockey in a baseball game.

      (Much of the rest of your comment is good, but this one point about the Constitution is a pet peeve -- mainly because so many Americans don't understand it.)

      --------------------
      "It's that guy!"

      --
      - - - -
      The real Tetsujin 28 is a giant robot.
    7. Re:Come on!, get realistic by Happy+Monkey · · Score: 1

      What, Germany? If we start concentration camps ourselves, you won't attack us? Okely dokely, will do!
      ___

      --
      __
      Do ya feel happy-go-lucky, punk?
    8. Re:Come on!, get realistic by GRAMMERSoft · · Score: 1

      What the fuck are you talking about???

      And stop trying to pass yourself off as a monkey when it is quite obvious that you are, in fact, a baboon.

      --
      That said, I think it's time I changed my .sig (again)
  95. Think by iggly_iguana · · Score: 1

    Please remember, we as a group are going to be characterized by the quality and thought behind our posts.

    So, I ask that as a group we take more time to think before posting. And, if you have to, do research on your subject before posting.

    Remember, we're representing a new/old movement in the software and communications industry.

    Also, don't assume everything is a personal attack, or an attack on freedoms. That would make us no better than RIAA or the MPAA!

    The other thing I would ask, is that if the person sending the article can't give his name, and can't provide better information than that provided in the original article, then maybe this type of article shouldn't be posted on /.?

    *WARNING - This article was posted as a VBX file *

  96. Re:Reward DoS attacks by coyote-san · · Score: 2

    I agree 100%, and wish the ISP was identified for this reason. Hell, even Belgium tried to stop the Nazi advance at the beginning of WW-II. This ISP, in contrast, can only be compared (unfavorably) to Chamberlain. In many ways the scariest thing about this story is that there was probably no direct connection between the DOS and the controversial site. This would make the situation analogous to a bomb going off in a city, one terrorist group claiming responsibility... and being handed the corpse of their political opponent on a platter without a struggle. The next time a bomb goes off (another DDOS attack occurs) will anyone be surprised by a dozen terrorists claiming responsibility - and they will all want different things to go away. Will this ISP terminate a dozen accounts because *one* *might* have offended someone?

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  97. Religion is not a choice by coyote-san · · Score: 2

    Religion is not considered a choice. Most people follow the religion of their parents, something totally beyond their control. Even those of us who have chosen a different path than our parents do so on values introduced to us as children.

    Other problematic areas? What about sexual orientation? Is that a choice, a biological condition, or something largely set by early childhood experiences?

    What about drug use and addictions? There is absolutely no doubt that addiction has a strong biological component. Are you arguing against discriminating against a stoner in the cockpit since it's a biological condition?

    How about obesity? Morbid obesity is (always?) due to biological factors, not "lack of willpower," "lack of exercise," etc. (That's not to say that such factors have no influences, only that someone won't drop from 400 pounds to the covergirl status without doing some pretty severe damage to her body.) Does that mean that obesity jokes should be deemed as socially unacceptable as racist jokes?

    Finally, never ever forget the possibility that pedophilia is due to a biological defect. We can have compassion for people burdened with inappropriate desires while simultaneously denying them the right to freely exercise those desires because of the cost to others.

    I'm not claiming to have the answer to the questions... only that your analysis of the situation is over-simplistic. By law, some things are not considered "choices." Other things are considered a "choice" by some, and a biological condition by others. Yet other things may be viewed as biological conditions by all-- yet still rejected by society at large.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  98. Re:Legal by Frankus · · Score: 1

    Is this in violation of any law?

    IANAL, but yes, it is a violation of the user's right to due process.

    -Frank
  99. Re:This just gets worse and worse. by overshoot · · Score: 2

    Not that I disagree with the basic notion that the internet should remain free, but free speech has never been absolute and unfettered. Libel, copyright violation, broadcasting military secrets, and the like have never been protected. And well that some forms of speech shouldn't be protected. After all, those DoS packets could be considered a form of free speech and we want them silenced!

    This issue isn't libel per se but the practice of including the ISP as a co-defendant. If ISPs are held legally responsible for the content of speech transmitted via their systems they have little alternative but to act as censors, and prudence dictates that they act as overzealous censors. That is the nightmare scenario, not because it restricts libel but because it stifles wholly legitimate expression.

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  100. Misperception that the NAACP excludes whites by catfood · · Score: 1
    Minor detail:
    It's called the right to freely associate, and it's the same right that allows an all-women college to keep me out because I'm a guy, or for the NAACP to not allow me on their board of directors, because I am not the right "race".

    The NAACP probably has a legal right to exclude whites, but it doesn't do so.

    From their website:

    The NAACP was formed in 1909 in New York City by a group of black and white citizens committed to social justice.... The struggle continues and we invite all Americans to stand with us - Native-American, black, white, and Hispanic, young and old, Jew and Gentile, male and female. Wherever Americans of good will and decency reside - they are welcome to join our ranks until freedom for all is won.

    I couldn't find specific information to the effect that the NAACP's policies on board membership are that inclusive, but ISTR they do not restrict any offices to or from persons of any particular ethnic group.

    I know it isn't really on point, but I felt a need to correct a misperception that the NAACP is an exclusive organization.

  101. oops by bob+dobalina · · Score: 1
    oh, sorry about the formatting. wrong button.

    B
    ".sig."

    --

    B

    "I'm payin' taxes, but what am I buyin'?" -- James Brown

  102. blahblahblah by Digital_Fiend · · Score: 1

    um

    that story's anecdotal evidence

    just like most of linux's "success stories" in businesses.

    the slashdot community seems to enjoy sitting around and whining, but does it actually get anything done? you're preaching to the choir.

    -warren

  103. Reasonable by BoLean · · Score: 2

    When I worked maintenance for an apartment building we ejected a lady for inadvertently starting a fire. At first I felt bad, but it was her actions that caused the fire. In this case it is reasonable for someone to act responsibly on the net and if through your actions the ISP is harmed they should have the option of tossing you. A better ISP would simply ask that you change to a new account, but I see the validity in this. This goes right along with abusing any other service. Better yet, mutual respect. Is it reasonable if you pit yourself against a bunch of idiots to expect retaliation? I say yes, even if you feel justified. Just don't expect your ISP to foot the bill for your actions. On a side-note, the ISP is giving you access to the web, but does the agreement also cover VPNs, chat rooms etc?

    1. Re:Reasonable by BoLean · · Score: 2

      Personally I think that if you shoot your mouth off in a hot venue you shouldn't be surprised by vehement attacks. In the case of the fire, she tossed a coat over a lamp. I'm sure the lamp manufacturer shares some responsibility for building such a hot lamp, but in the end she chose to buy the lamp and toss her coat onto it. You know, responsibility for your actions. Sometimes you have to accept a little blame yourself.

    2. Re:Reasonable by 31: · · Score: 1

      a more appropriate analogy to the current situation than the lady starting the fire would be this: we ejected a lady for being religious, which resulted in our lobby being fire-bombed by crazed violent (atheists|catholics|wev other group). At first I felt bad, but it was her actions that caused the fire.

      The people getting kicked off weren't responsible for the DoS, they got DoSed because someone disagreed with them.

      sorry for any lack of coherency there, finals time for me now...

      ---
      I'm not ashamed. It's the computer age, nerds are in.
      They're still in, aren't they?

      --

      ---
      I'm not ashamed. It's the computer age, nerds are in.
      They're still in, aren't they?
  104. It's all about the money, honey by WillAffleck · · Score: 1

    Face it, your civil rights in a society such as that here in the US end when the profit motive gets in the way. So, just because someone doesn't like you, they can harass you enough that no ISP will carry you and hound you off the Net.

    And even the big players, like US Worst or AT&T, won't carry you. It's all in the fine print that you got with the disk, in the file that you didn't page down to read.

    And under UCITA, it's all legal and enforceable. Even though you didn't know it.

    They don't have to let you have ISP accounts - it's not like a telephone, where they have to let you have a local call telephone (but not long distance). All the rights you thought you had were sold years ago, at the expense of much dollars by the big telecoms and given to the federal politicians in Congress and the Senate.

    [Note - I own shares in AT&T, AOL, and tons of other companies which profit from this situation and probably helped cause it]

    --
    Will in Seattle
  105. Re:The needs of the many... by alecto · · Score: 1

    I'll bet even AOL wouldn't shut someone down for being a victim of a DOS attack. Where does that put your employer?

  106. Re:The needs of the many... by alecto · · Score: 1

    Sounds like some of them need some more stringent regulation. With their obvious abuse of one-sided service agreements that say "We can do whatever the hell we want and you agree to pay us and cede the rights to your firstborn", it's indicated.

  107. You'd throw me for the mob to hang? by TookyCat · · Score: 1

    the 50 people wanting to lynch that person...i will give them the person. I, nor any of my houseguests, are going to suffer because of one person. no matter the cause.

    Jesus christ!! I feel sorry for anyone you know since you'd be so entirely willing to toss them for a mob to hang, so long as it doesn't cause you to go out of your merry fucking way. Are you an animal, or a member of society? Perhaps neither: you're just a coward with absolutely no principles to stand up for what is right. You should hang your head in shame, for you're a disgrace to all of mankind.

    1. Re:You'd throw me for the mob to hang? by nitedog · · Score: 1

      i really do not know why linux pups decide to use black people in their posts, but allow me to help in it. if i had a mob of 50 people come to my house for a person i let stay in a room, they gave me a choice. "gimmi the person or ill burn yer house" i would just about throw that person out. it would not matter if it is black white..jew or baptist. I will not take heat for someone else. all of you 15 year old kids that have exactly 0% exp in life can cry about how evil or mean i am...but thats life...but then again...you like linux after all /me shrugs meep meep

  108. Re:It's not illegal... by Kool+Moe · · Score: 1
    Ya can't post this and not get a reaction;

    Or for that matter a pro-abortion (I REFUSE to call it pro-choice...) idea in a pro-life group?

    huh? I dunno how open your mind is, but you may want to consider actually talking to a few pro-choice people. My wife has a kid from an earlier...mistake. She's pro-choice, and chose to keep her child. Two friends of mine from college have both had unplanned pregnancies. While both are strongly pro-choice, they've both kept their babies as well. All pro-choice means is that such folks believe a woman has choice and control over her own body and that the gov't shouldn't dictate. If they so choose to have the baby, that's fine. But they won't be judged as heathen if they choose to abort.
    Open your circle of friends = open your mind.
    --
    Kinda like Moe, but just a little more Kool
  109. Is that all? by georgeha · · Score: 1

    Some young programmers who want it all without working for it decided to DoS my ISP whenever I logged in. Rather than wait for the ISP to handle it, I fixed their security hole (so they couldn't tell when I was logged in) and fixed their firewall so they couldn't be DoSed anymore. The details of this are too complex to get into here (and prior discussion has demonstrated that it's a waste of my time anyway), but my main point is that you have to give the crap, not take it.

    Heck, I was getting ddos'ed all the time when I dialed in from my humble abode.

    I didn't trust a software solution, so I wired up a hardware firewall using paperclips, resistors, my old TI-994a, and a gerbil in a wheel for the UPS.

    I then rappelled into my ISP's mail point of connection, setup my firewall, then hot swapped the fibre to run through the new firewall.

    I left a note, "please feed the gerbil", and departed. (I'm leaving a few details out here, the overpowering of the guards, the controlling my body temperature so I didn't show up on the IR security cams, etc, but you get the gist).

    George

    1. Re:Is that all? by .Bruce+Perens · · Score: 1

      Knock that shit off.

      Bruce

      --

      Thanks,
      Bruce
    2. Re:Is that all? by sqlrob · · Score: 1

      That added some humor / commentary on how difficult it might be.

      In other words, it added a hell of a lot more than your post

    3. Re:Is that all? by sqlrob · · Score: 1

      These posts of yours have shared squat.

      In other words, by your own request, please leave.

    4. Re:Is that all? by sqlrob · · Score: 1

      Umm, Again you fall under your own post, many, many times over.

      Misspelling of my name. How original. You presume to judge my tone by your own. I have been countering your points legitimately, without resorting to name calling. Can you say that?

      "Nobody knows all this stuff right away". DUHH! That's exactly the point of the poster you originally slammed. The point you obviously did not see, in addition to the one I posted below.

      And where in the post were you sharing information? The majority of it seemed to be ego stroking. Where did you explain (or point to links) that showed how to do what you did?

      I'm done now. DNFTT

    5. Re:Is that all? by sqlrob · · Score: 1

      I'm going to break my own suggestion, but oh well...

      A cogent argument is point/counter-point. You seem rather reluctant to come up with counterpoints to my points. Any reason?

      I wasn't embarrassed to ask the question, you seem embarrassed to answer with links or a post that explains IN DETAIL what you did. Please do so, unless you are afraid /. readers will rip you a new one over mistakes and inconsistencies in the post. Wisdom is not diminished in the sharing, so there is no reason to deal in e-mail instead of posting.

      Links in the jjjjulius "domain" don't count, unless you've very quickly registered it and put up content...

  110. Re:Well, was that in the contract s/he signed? by hattig · · Score: 1
    I just smiled "ear to ear" as I archived his files with an amiga archiver -- good luck gettin' that stuff back. Muhahhah!
    That is what I like to see...

    "Sorry, I had to terminate your account because you broke our Acceptable Use Policy. Here is your stuff, I archived it up for you for your convenience."

    "Hey, thazzz n07 F41R! I Watz0Rz m3 4KK0uN7 B4KK!"

    "Sorry, no can do. Get an account elsewhere, you can put your material up again."

    "URB17CH!"

    ...

    "Hey, whatzz thiz data.lzh file? Winzip can'tz unzipz0R it!"

    "Use lzh - its available everywhere - it is the standard you know."

    "Grunt - W4NXX0R"

    "yeah, well I have given you the data, it is up to you to get at it. Oh, and I didn't put those naughty pictures of underage children in that file either - the datestamps clearly show that."

    "Urk"

    "911 - Police, We had this user, he had unacceptable material on his site, so we cancelled his account and put the data on a disk which he has. His address is ... "

    "chuckle"

    -------------------------

    Still, normally cancelling an account just for using up bandwidth is unacceptable, but if he had affected the other users' QoS then he should have been banned, or at least warned, because that would have been in the Terms and Conditions. Teach him to get all religious on a bunch of script kiddies really.

  111. Re:Humm by superlame · · Score: 1

    Err, more like they confiscate your belongings then boot you out of the county.

    --
    -- Superlame http://catpro.dragonfire.net/joshua/
  112. Get a grip people!! by kordless · · Score: 1

    Some of you guys have absolutely no fucking idea what you are talking about. Your rights when you deal with a company are often times the same as theirs. If they don't want to do business with you, then they can cut you loose - if the contract allows it. The majority of my customers are on a month-to-month agreement and if I want to cancel one for screwing up (whether actively or passively) then I reserve the right to yank their account.

    To address the particular situation, I would have canceled the account to save the ISP. The author mentions a parallel to refusing business to an African American, but that is a flawed comparison. Just imagine if you had a nudist show up in Wal-Mart - who wouldn't throw him out for disrupting the *normal* flow of business?

    The point here is that the attacks cause a disruption of service that affected (probably) thousands of accounts. As most of us know, DDoS attacks can't be stopped short of calling your upstream provider and begging them to filter them out. The logical thing to do is to cancel the account in question until things quiet down.

    If any one of you idiots, who think the ISP didn't do the right thing, owned a business that fed you and provided a roof over your head, you'd know what I was talking about.

    Unless you have an alternate solution (besides the lame one about calling the FBI) then I suggest you shut the hell up.

    Sorry, this just hit a nerve with me.

  113. Re:Think of this from the ISPs point of view by D.+Taylor · · Score: 1

    Hmm, perhaps not "totally innocent", but they aren't the bad guys. Sure, if everyone configured their network correctly, smurfs would be a much smaller/nonexistent problem, but if people would stop trying to DoS everyone, they'd never have been invented in the first place.

    Asking them to stop is a great idea.. Until you realise your whole network is being killed by the DoS -- then you just want to kill the attacker, the victim, or anyone nearby.
    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]

  114. Re:Responce by D.+Taylor · · Score: 2

    If you survive, it's not much of a Denial of Service.

    Maybe you piss off some 14 y/o on a 56k modem, who decides to do something like pingflood you with "ping -f", that won't hurt the ISP, and it'll only hurt you if you use a 14.4 modem (otherwise, it'll act like a big download).

    If you *really* annoy some guy who thinks he's a 3l33t h4x0r, then they'll probably smurf you, or your ISP. A big smurf attack can generate a *LOT* of traffic, which can easily bring down a 10mbit pipe, depending on the size of pipe, and the number of computers on the amplifying network.

    It's like a pingflood, but from 100 computers at once (or however many pings are returned from the broadcast address of the network), and it can bring down a network easily (it's also the reason for the continuous netsplits on Efnet, and the reason lots of server admins are delinking -- to get the hell away from them).
    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]

  115. Re:way to fix? by D.+Taylor · · Score: 2

    Hmm, that might help, a bit. The problem is, it'd probably be very expensive (CPU time-wise) for the router to update/check/etc, making the routers EVEN MORE expensive ( £/$/etc wise )...

    Also, the ISP probably won't be upset by a user being DoSed, unless the bandwidth used by the DoS is affecting the whole ISP.. at that point, the attacker could just move the attack from 1.2.3.4 to 1.2.3.x, and fill the entire subnet's quota, preventing ANY traffic at all reaching the ISP, even if it could *physically* fit on the link, the router would drop it.

    OK, so maybe this isn't the magic solution I thought it was when I first read it [unfortunately] :(

    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]
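
The trade-off raised in the two posts on upstream per-address limits ("way to fix?" and the reply above) can be checked with a small model. This is an added example, not part of the thread: the packet counts, the quota and the proportional-drop router model are all constructed assumptions; only the 1.2.3.4 / 1.2.3.x addresses come from the reply.

```python
from ipaddress import ip_network

SUBNET = ip_network("1.2.3.0/24")           # the 1.2.3.x block named in the reply
HOSTS = [str(h) for h in SUBNET.hosts()]    # 254 customer addresses
VICTIM = "1.2.3.4"

# Constructed numbers (packets per time slot), chosen only for illustration.
LINK_CAPACITY = 10_000
LEGIT_PER_HOST = 10
ATTACK_VOLUME = 50_000
PER_IP_QUOTA = 30    # 254 * 30 = 7,620, so even full quotas fit on the link


def deliver(legit, attack, per_ip_quota, link_capacity):
    """Model one time slot at the upstream router.

    legit / attack map destination IP -> packets offered. The router cannot
    tell the two apart, so every drop is proportional. Returns
    ({ip: fraction of legit packets delivered}, link utilisation 0..1).
    """
    admitted_legit = {}
    admitted_total = 0.0
    for ip in set(legit) | set(attack):
        offered = legit.get(ip, 0) + attack.get(ip, 0)
        if offered == 0:
            continue
        # Stage 1: per-destination quota applied by the upstream.
        keep = min(1.0, per_ip_quota / offered)
        admitted_legit[ip] = legit.get(ip, 0) * keep
        admitted_total += offered * keep
    # Stage 2: whatever passed the quotas still has to fit on the link.
    link_keep = min(1.0, link_capacity / admitted_total) if admitted_total else 1.0
    fractions = {ip: admitted_legit[ip] * link_keep / legit[ip]
                 for ip in legit if legit[ip] > 0}
    utilisation = min(admitted_total, link_capacity) / link_capacity
    return fractions, utilisation


def run(quota, spread):
    """Build the constructed traffic mix and push it through the model."""
    legit = {ip: LEGIT_PER_HOST for ip in HOSTS}
    if spread:   # attacker rotates across the whole /24
        attack = {ip: ATTACK_VOLUME / len(HOSTS) for ip in HOSTS}
    else:        # attacker aims everything at one customer
        attack = {VICTIM: ATTACK_VOLUME}
    return deliver(legit, attack, quota, LINK_CAPACITY)


def report(label, quota, spread):
    fractions, utilisation = run(quota, spread)
    others = [f for ip, f in fractions.items() if ip != VICTIM]
    return (f"{label:<34} victim {fractions[VICTIM]:7.2%}  "
            f"neighbours {min(others):7.2%}  link used {utilisation:6.1%}")


if __name__ == "__main__":
    print(report("no limit, one target", float("inf"), spread=False))
    print(report("per-IP quota, one target", PER_IP_QUOTA, spread=False))
    print(report("per-IP quota, spread over /24", PER_IP_QUOTA, spread=True))
```

With one target, the quota protects the neighbours but the targeted address still loses almost all of its legitimate traffic; with the flood spread over the /24, every address loses most of its traffic while the link itself is only about three quarters full.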

  116. Re:Think of this from the ISPs point of view by D.+Taylor · · Score: 2

    >I'm not saying the ISP's argument is completely invalid, but which should we prefer?
    As a consumer, I'd assume you'd prefer the consumers point of view... and as an ISP you'd probably prefer their P.O.V.

    >Complete restrictions on companies, or giving them free reign to do anything in the name of profits? It's not actually an easy question to answer.
    Well, obviously it needs to be somewhere in-between. We need to draw a line somewhere which lets businesses protect themselves, while still giving the consumers rights.
    The only problem is figuring out just where we draw that line.
    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]

  117. Re:ISP POV- NOT by D.+Taylor · · Score: 2

    Well, the part you [SNIP]'ed out did say I'd never killed a user that hadn't broken the AUP (usually they had flooding/cracking/etc tools or eggdrop scripts for doing the same).

    >Come on now, this doesn't make sense. Killing the target won't help during the attack
    >During the attack you:
    >1. Find the source or sources of the DOS
    >2. Block/Filter this at your guardian routers
    >3. Communicate with the source ISPs.
    >4. Other net admin steps I forgot.

    I suppose I should have said a small ISP, but anyway..

    It's impossible to find out what the true source of the attack is, but filtering it out at the router could help. The problem is when the attack is big enough to kill you at your router -- which is when you bring in the upstream router. But it can be difficult to get your upstream ISP to filter out all the (many) spoofed addresses before the DoS ends -- and anyway, they'd just move on to another misconfigured broadcast address..

    When did I say I'd kill them during the DoS?
    I'd terminate the account after the DoS stopped, and I could have a look around to find the actual CAUSE of the DoS -- and proof it was their fault. I might terminate a user if all they did was provoke the attack, but only if they did it repeatedly, and I knew they had actually done something to provoke it.
    The bottom line is, the user is affecting OTHER paying customers as well, and while I definitely treat DoSes on a case-by-case basis, it's hard to do much more than contact the admins of the amplifying network, and ask them to fix it, and see if they have any logs which might help trace the real attacker.

    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]

  118. Think of this from the ISPs point of view by D.+Taylor · · Score: 5

    As a co-admin of a shell/webhosting server, I can't see what else they are supposed to do. I have never terminated a users account because they appear to be the victim of a DoS (most shell users who get DoSed do SOMETHING to deserve it, hell, so do most shell users who DONT get DoSed), but I have terminated many accounts which were committing DoS attacks..

    I have had an entire network downed for over 24 hours because of a DoS, which means the victim loses out, everyone else loses out, and we lose lots of money -- especially when a shell user brings down the webhosting side of things.

    Anyway, if the user is being continually DoSed, having an account with the ISP won't do them much good, would it?

    As for getting the police involved, well, a smurf is virtually untraceable, the source addresses point back to the (misconfigured) amplifier network, which is totally innocent, and the packets they receive are forged to come from the victim's computer. It's difficult to filter smurfs without breaking things like ping, and if the ISP is paying per Gb, DoSes can be expensive.

    The ISP has to pay for the DoS traffic (which could cost more than the customer is paying), and also might lose other customers/potential customers because of the reduced performance.

    The customer loses their account (possibly their money, though if the ISP has no proof the victim did anything, I'd expect them to at least refund the remaining subscription), and maybe their e-mail address.

    The ISP's AUP/TOC usually allow them to terminate your account for little, if any, reason, and in this case, they have a pretty good reason.

    Free speech is great, but should you be sued just because *you* don't want to risk your livelihood/life/whatever to protect it?

    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]

    1. Re:Think of this from the ISPs point of view by jovlinger · · Score: 1
      a smurf is virtually untraceable, the source addresses point back to the (misconfigured) amplifier network, which is totally innocent,
      My emphasis. I dunno about that. Perhaps what we should be looking at is a sort of administrator license for networked computers.

      While I'm not sayin' that the admin of a compromised machine or network is automatically liable for anything that machine is used for, I'm not quite willing to accept them as blameless either.

      I propose that if you want to expose your machines directly to the net, opening them up to attacks, you should be responsible for due diligence in making it secure against compromise.

      This is exactly the sort of thing that courts are able to decide (they may not understand technology, but they do understand responsibility and accountability). If you can show logs that the most recent patches were applied and what not, then you are free from liability, while if you run a completely misconfigured system or notoriously insecurable OS without a firewall, then you just might be liable for damages.

      Now, before you start moaning about clueless users and cablemodems; if most people get cable modems just to surf the web, they could ask their ISP to put them behind a firewall that blocks most ports, thus avoiding individual configuration responsibility.

      If however, you want to get greater freedom(*), then you sign a waiver of firewalling, and accept that you had better run a tight ship.

      Of course, fine points like trojans not blocked by firewalls and http tunneling remain. But the principle is that an easily compromised host is a liability to the net at large, so I don't see why it isn't the administrator's responsibility to secure it.

      Johan

      (*) ignoring the social engineering factor here: what are you gonna use those freedoms for? Justify in 100 words or less.

    2. Re:Think of this from the ISPs point of view by Scrybe · · Score: 1

      You got it the wrong way around. You are talking about the DDOS CLIENTS which collectively are committing the attack. He is talking about the TARGET of the attack. The suspended account is being attacked from several points and the ISP cares more about stopping the attack than calling the police! THIS IS A CRIME VICTIM! It's like being mugged and having the criminal only take your cash. Then the cops show up and confiscate your wallet and all your credit cards as evidence (Sorry sir, you can have them back in 6 to 8 weeks.)

      --

      <This .sig left intentionally blank>

    3. Re:Think of this from the ISPs point of view by geekoid · · Score: 1

      If a homeowner association refused to allow a minority group to buy a home because somebody else protested the homeowners association, don't you think the minority should be able to sue?

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    4. Re:Think of this from the ISPs point of view by Izubachi · · Score: 1

      Agreed, but when the line is drawn, it must be defined very explicitly. Vague definitions cause most of the problems that plague our law system today. Though an exact definition might be a problem for special circumstances, leaving it up to interpretation generally ends up weighting rulings unfairly towards one side or the other.

    5. Re:Think of this from the ISPs point of view by Izubachi · · Score: 2

      This is a valid point, but unfortunately, it leads to some unsavory conclusions. If this site can be sacrificed in the name of keeping the ISP in business (which can be a legitimate concern, albeit rather harsh on the innocent user), then a lot of things can be justified. There's no way to cut off the flow of the argument. Stopping people from using trademarks in any fashion can be a legitimate concern, because it hurts profits to get bad reviews. Stopping protests against actions by companies can be a legitimate concern, because that hurts profits too. Letting major corporations merge into monopolies whenever they feel like it can be a legitimate concern, because not letting them would definitely hurt profits. I'm not saying the ISP's argument is completely invalid, but which should we prefer? Complete restrictions on companies, or giving them free reign to do anything in the name of profits? It's not actually an easy question to answer.

  119. Re:Cable Modems (Was Re:...the ISPs point of view) by jovlinger · · Score: 1

    How can they tell unrequested traffic from traffic that is requested via the protocol?

    f.ex, I could well imagine a client/server setup where the client sends the server a port number to connect to -- for example a simple RMI/RPC callback.

    How can they tell this from a portscan, or do they just disallow incoming connections to ports 1024?

  120. Know the feeling by at0m · · Score: 1

    Kinda like when my site got slashdotted and so the host of my virtual server at the time (moved to dedicated now :) suspended the account because it was getting too many requests. Sigh.

  121. Correct me if I'm wrong... by BlueCalx- · · Score: 1

    ...but isn't this more of a YRO topic than an Ask Slashdot? Just seems silly to me under that category.

    --
    -- BlueCalx | http://nickd.org/
  122. way to fix? by BenByer · · Score: 1

    Could the ISP get their ISP to place a restriction on the number and size of packets coming to each ip address that the first ISP owns? I would think that would not allow DDoS (at the backbone level). Of course it would be a restriction on bandwidth.

  123. Re:This just gets worse and worse. by THB · · Score: 2
    it's not my job to completely educate every nincompoop that posts.

    Well what about the reign of terror, Stalin's purges, Hitler's concentration camps, the list goes on. Perhaps these 'knuckleheads' and 'nincompoop' know about these and realize that their country is not alone, and is one of the most important countries in the formation of modern democracy.

    I live in Canada and looking back we have done some awful things to our natives and to early Asian immigrants. Every country has these spots on their history, and there is no reason to continually blame them for them. Rational thinking will tell us that if we blame someone they will try and avoid speaking about it. This is not the way to prevent it from happening. Do you blame the current German government for the third reich? No, but we do remember it, and this is the same way that we must treat all the errors of our past.

  124. Re:This just gets worse and worse. by THB · · Score: 2

    Actually after posting I read your post from yesterday and it was very insightful.

    I was just letting off a bit of steam from some of the posts in this thread. I replied to yours because I was bothered by you referring to those who respect the American founding fathers of the US as knuckleheads. Comparing the American revolution to the Bolshevik and French revolutions we will find that the American leaders were much more concerned with liberty and maintaining the goals than the other two. If one is to look into any hero they will see that they are not perfect, and this happened at a different time in history. A million wrongs will not tarnish a single right, and what the founding fathers did was great advancement for democracy and deserve to be respected for that.

    I was not moderated up, my account defaults to 2 points, and I assure you that I am perfectly capable of reading English.

  125. I agree with the ISP by Bauguss · · Score: 1

    This makes perfect business sense. I feel bad and all for the victim of the DoS. However, the ISP has other clients to worry about. Free speech is great but not when it hurts others. Again, sorry to the victim here, but his site was the target. Thus his free speech hindered other people's rights. Thus the ISP has every right to protect the rights of their other clients.

  126. Reward DoS attacks by ucblockhead · · Score: 4

    What a great way to promote DoS attacks. User A does something to piss off a script kiddie. Script kiddie launches a DoS attack against User A's ISP. The ISP kicks User A off. The script kiddie congratulates himself on his own success.

    And tells his friends.

    And soon we see even more DoS attacks.

    Just like the worst response to real terrorism is to give in to the terrorists, the worst response to virtual terrorism is to give in to the terrorists.

    --
    The cake is a pie
    1. Re:Reward DoS attacks by Steeltoe · · Score: 1

      So if someone gets attacked on the streets by a hidden sniper, the most appropriate reaction, for the majority, would be to execute the victim. That's your best shot at stopping the sniper??

      It's an interesting line of thought, but nevertheless stupid. When I read all this, I thought exactly the same thing as the previous poster. Of course, most people want to take the easy way out, but it'll hurt them until they understand what's best.

      Of course if people listened more to their true heart, instead of being selfish and greedy (read: intellectual), we wouldn't have this problem at all.

      - Steeltoe

    2. Re:Reward DoS attacks by jesterzog · · Score: 1

      Just like the worst response to real terrorism is to give in to the terrorists, the worst response to virtual terrorism is to give in to the terrorists.

      Not that I don't agree with it being a dangerous response, but I think something needs to be worked into the analogy for all the other customers of the ISP who will be inconvenienced, and for the ISP itself when all those customers start to leave.

      An ISP is not a government. Giving in is definitely bad, but without giving in it could simply die. An ISP doesn't have the position, power and authority of a government to force its citizens/users to remain with it and support it if it can't immediately provide the service that they want.

    3. Re:Reward DoS attacks by jesterzog · · Score: 1

      So if someone gets attacked on the streets by a hidden sniper, the most appropriate reaction, for the majority, would be to execute the victim. That's your best shot at stopping the sniper??

      Um, no. I don't think I ever said that. I only said that never giving in is, if anything, an equally baseless way to look at it. Your solution on the other hand is to sacrifice the future of the street and all the shops and people living on it so other streets can survive. Oh how valiant. It makes sense if you don't live on the street, but that's not what's happening here.

      In the long term of course not giving in is a better idea as far as the rest of the world is concerned. But it's not the rest of the world who's making the decision. Why should you expect a private company to consider the long term benefits of everyone else when it'll be dead tomorrow?

      It's the ISP making the decision here - not some enormous entity that will be around afterwards whatever happens. They wouldn't be sacrificing part of themselves so the rest of can survive. They'd be committing suicide so the competition can take all their customers. When there's a gun pointed at someone's head like this, you just can't expect them to consider society first. Every so often there will be a special case, but don't count on it.

      The "never give in to terrorists" policy makes much more sense on a large government scale. On a smaller scale, for example, banks don't get anywhere by ordering tellers not to hand over cash in robberies - they only get dead employees. The better long term course of action is either to remove the gun, or make it so people can't as easily wave it around like a psychotic 5 year old throwing a tantrum.

      Taking better technical security measures to prevent DoS attacks from happening in the first place is a good start for removing the gun. (See other threads.) The disincentive part is harder and less likely to be successful with so much anonymity available to people. I'm not in favour of reducing anonymity on the net, but it could at least be done in other ways (although without much success).

  127. We need more information by Ded+Bob · · Score: 1

    Most of the comments I read are based on a lack of facts.

    Questions:

    1) How was the individual being attacked? His site? His account?

    2) How was the account suspended? IP traffic blocked at router? Account (as in shell) renamed?

    3) How did they know which account was being attacked? If it was the whole ISP experiencing the DoS attack, how could they tell which account?

    4) How long was it suspended? 3 seconds? 3 hours? 3 days?

    5) Is there any reference to this?

  128. Re:Well, was that in the contract s/he signed? by Cramer · · Score: 1

    It might be a microscopic technicality, but this user is interfering with other people's ability to use their account. Additionally, this might fall under the general "play nice" clause in just about every AUP/TOS/Contract I've ever seen -- basically don't send harassing, offensive, etc. stuff. (Obviously, this person offended someone. Then again, they might have been offended by his mere breathing too.) I'm sure the ISP would give them another account as long as they didn't make themselves another target.

    (lame comparison) Imagine there being a contract on you and people actively trying to kill you. You are in danger as much as you are endangering everyone around you. Granted, the cops generally don't stick you in prison, but they also don't let you just walk into the local Taco Bell either.

    PS: I've gladly terminated a user's account for being a general jack-ass. As I recall, it was about five minutes from faxed complaint [he pissed off a newsgroup] to "put his stuff on this (AOL) floppy." I just smiled "ear to ear" as I archived his files with an amiga archiver -- good luck gettin' that stuff back. Muhahhah!

  129. Re:It's not illegal... by tommck · · Score: 1
    Besides, how can the ISP tell that this person just expressed an opinion that people didn't like? Perhaps they expressed an extreme religious opinion in a homosexual group? Or a pro-life in an abortion group? Or for that matter a pro-abortion (I REFUSE to call it pro-choice...) idea in a pro-life group?

    So, freedom of speech should only be protected if it's speech of which you approve?
    Open your mind.

    --
    ---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
  130. Happened Here by MarkKomus · · Score: 1

    A while back the paper here reported about the exact same thing happening to someone. The response the ISP said was the same, we're cutting you off we can't deal with the DOS attack, and you're hurting our other customers.

    It's a real bad attitude by ISPs and I would definitely think about it if I ever needed a commercial link in the city because who knows if you're the next target of a DOS attack and suddenly without access.

    1. Re:Happened Here by MarkKomus · · Score: 1
      "Where is here? What is the name of the paper? Do they have a website that we can go to and search for this story? "

      It's Winnipeg, Manitoba, Canada. You can try to find it at www.winnipegfreepress.com but this might have been before their online site really came up, and I'm unsure of how much they have archived.

  131. That was nothing! by matman · · Score: 2

    A friend of mine was hit with a DDoS attack by script kiddies. His ISP booted him off his account and called the cops! They claimed that he was the attacker! Any idiot reading a packet log could tell that he was the victim. The RCMP (like the FBI, but in Canada) took his computer as evidence for more than 6 months! It was absurd!

    Law enforcement really needs to get some kind of a grip on computer crime and stop blowing it way out of proportion.

    1. Re:That was nothing! by intoxicator · · Score: 1

      Was your friend the actual target of the DDoS, or an unwitting attacker?

      While I admit I am in no way an expert on this type of thing, I assume that if his machine was one of those used by the script kiddies in a DDoS attack, then his ISP could, through no fault of their own, construe it as being a conscious effort on his part to disrupt their service. It would then be reasonable for them to take further action. If he was the actual target then I can only put it down to the astounding ignorance of both the ISP and the law enforcement agency.

      Either way it was still hugely out of order for the computer to be confiscated for over 6 months. Did he ever receive any explanation about the huge length of time he was left without it? 6 months without a computer must have been a truly horrific experience.

    2. Re:That was nothing! by GRAMMERSoft · · Score: 1

      Your friend should have contacted the media or something. Because in a case like this, it's the ISP that's acting like a bunch of baboons, and with some negative attention they might stop.

      I doubt the RCMP, in general, has much of a clue about DDoS attacks, they just acted on the word of the ISP.

      --
      That said, I think it's time I changed my .sig (again)
  132. Re:It's not illegal... by Mr.+Protocol · · Score: 2

    I've gotta say that if I were your upstream, and you served me with a subpoena at 3AM to handle one of your problems, I'd comply, then drop you like a hot potato.

    After all, unless a law says otherwise, you don't have to do business with anyone you don't want to.

  133. Smells like FUD by Eponymous,+Showered · · Score: 1

    To paraphrase this article:

    I heard of this dude once who did something and then their ISP was real mean and kicked them off! What an outrage!

    C'mon! Where are the details? The ISPs name? The person's direct account of the event? This smells worse than the daily paper I usually avoid.

    1. Re:Smells like FUD by Gone+Jackal · · Score: 1

      What great precedent! No names, no links...basically anonymous cowards can now turn in troll-posts, and Slashdot will post them. As if I don't actually have enough real corporate tom-foolery to be angry at. I couldn't find any reference to this anywhere else. Cliff, did the thought of checking this story ever cross your mind?

      --

      "Oh Bother", said the Borg, "We've assimilated Pooh."

    2. Re:Smells like FUD by TechLawyer · · Score: 1

      You must avoid the LA Times as fastidiously as I do!

  134. Re:*shrug* it happens... by DGregory · · Score: 2

    No, I did not pay at the end. They lost track of me since I moved, and because of the credit card fraud I don't think they made an effort to locate me. If my aunt (who is taking the bar to become a lawyer) said that I had to pay I would've attempted to pay, but they had no right to charge me for their lack of security she said. It would've gone to court.

    It wasn't really my friend's fault either, he was just logged in from work, and he found out like at the end of the work day that the gov't computer got hacked.

    We were all in college and didn't have any money anyways. :)

  135. *shrug* it happens... by DGregory · · Score: 5

    Well, about 3 years ago I was running a MUD at an ISP, and we had one shell account that 3 of us shared. They knew that we were sharing it, but all they said once was "you should get separate accounts" but didn't take any action other than that. (technically it was against their TOS, but it seemed like a loose rule since they acted like it was a suggestion more than a hard and fast rule).

    Anyways, one of the guys worked for the government and was logged onto the shell from his work machine. The government computer got hacked into and someone running a packet sniffer got ahold of our account's password. They did some damage to the machine (not sure what) and our account was terminated without any sort of email to my regular email address.

    Then I got a call from my credit card company. Someone had tried to charge $3200 to my credit card, and the limit wasn't that high so it was denied. Then they tried $2500 and that was denied. Then they tried $1500 and that went through. They told me that it was out of the city this ISP was in, and it was for "electronic merchandise". They said that it seemed suspicious since most of my purchases were small, so they called me to ask about it.

    I told my credit card company that I had an account with this ISP, and that I had used my credit card with them once, to pay the first month's bill. After that we sent a check every month.

    I disputed the charges, and never heard anything about it again so I'm assuming that they resolved it. The ISP sent me bills for $3200-$1500 every month until I moved and they lost track of me.

    After I got off the phone with the CC company, I called the ISP, and ended up calling the president of the ISP at home (he had a very nice wife but the guy was a dick). He said that they were charging me for the time it took them to fix the machine, billed at $80(something) an hour. They said that I broke the TOS so they were acting like I hacked the machine even though they KNEW that neither I nor my friends did.

    Beware. Shit happens, it can happen to you. Some ISPs are just plain dicks. Closing your acct is one thing... trying to bill you $3200 and commit credit card fraud is another.

    1. Re:*shrug* it happens... by malkodan · · Score: 1

      Did you pay at the end? What did your Friend say about it? - he should've taken the responsibility, after all.....

      --
      Dan.
  136. Legal by Mr.+Buckaroo · · Score: 1

    Is this in violation of any law? Besides seeming to apply to censorship.

    1. Re:Legal by TheCarp · · Score: 1

      > The same Idea applies to protests, as the police
      > are legally allowed to end the protest if the
      > bystanders become violent.

      You're missing the point....

      Imagine a group of protesters were protesting in front of the GAP, and got violent. Instead of stopping the protest, the police shut down the GAP.

      The person being kicked did nothing to warrant being removed from service. Someone else did something to him, and he was punished for it. IMNSHO that is morally wrong, regardless of legality.

      However, it may not be legal anyway. There are laws to protect consumers from businesses. All he did was state his opinion, no ISP I have ever seen would call that an AUP violation.

      --
      "I opened my eyes, and everything went dark again"
    2. Re:Legal by TheCarp · · Score: 2

      IANAL but I suspect you aren't either.

      Anyway...I DO know that that doesn't mean much.

      You can't just throw things into a contract (especially a contract that is not signed and agreed to in the normal legal manner) and just have it automatically be legal.

      There are certain things you can't require of people and can't do to people, no matter what your contract says. No court is going to recognize a clause, for example, that requires you to kill yourself if you can't make the payments you owe me.

      Is this one of those things? It probably is. I certainly could imagine situations where it would be. In any case, that's for a court to decide. (if things of this type were for me to decide, the world would probably make a lot more sense...at least to me...)

      -Steve

      --
      "I opened my eyes, and everything went dark again"
    3. Re:Legal by Psik · · Score: 1

      It may not be fair, but it is perfectly legal. First of all, most ISPs put a clause into their contracts so that they could kick a person in circumstances not mentioned on the contract. Secondly, from a first amendment viewpoint, this is considered a heckler's veto, where the authorities are allowed to end a protest if there is potential or actual violence from the spectators, in this case, the script kiddies.

    4. Re:Legal by Psik · · Score: 1

      Imagine a group of protesters were protesting in front of the GAP, and got violent. Instead of stopping the protest, the police shut down the GAP.

      Let's call the person expressing his opinions the 'protester' as he was exercising his right to free speech. Then, the script kiddies would be the hecklers, or 'angry GAP employees'. If the angry GAP employees begin to attack the nonviolent protesters, or show signs of impending violence, the police are allowed to end the protest through force.

    5. Re:Legal by egburr · · Score: 1
      To take that a little further, then... What if that group of thugs was harassing your business because of a certain class of customers, possibly race, possibly gender, whatever. Then, if you deny that same class service because you are afraid of having your business harmed, you are discriminating because of his/her class, whether you intend it that way or not.

      The proper solution is to have the thugs dealt with.

      Edward Burr

      --

      Edward Burr
      Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
    6. Re:Legal by rifter · · Score: 1

      That's no solution, script kiddies will keep attacking other users. The solution is to harden their network against dos attacks.

    7. Re:Legal by tchuladdiass · · Score: 1

      Let's put this in another context. Let's say I own a restaurant, which has a number of regular customers. There is a gang of thugs who doesn't like a particular customer of mine, so they decide to break a few windows/smash some furniture/etc. in my restaurant. Can I tell that customer that I will no longer serve him? What if the gang doesn't like this person due to religious or ethnic reasons? Would it then be against the law for me to deny service (due to his race, etc.)?

    8. Re:Legal by guru_magi · · Score: 2

      Try looking at this from another step back. I get my internet through a university, which in turn has a connection in the state. About six months ago, our connection went all to heck, because someone was DOSing another university, that has the same provider in the state. Needless to say, we put pressure on our provider to fix the situation, and they did by dropping the school that was causing the problem until the attacks stopped (it worked, kind of. Had to try it several times, before the DOSers gave up).

      An ISP is a business, they have to look out for themselves. Part of this is looking out for other customers. If an attack is aimed at one person, that causes the loss of service of 50 others, if dropping that one person fixes it, maybe it's the right choice.

      Of course, if I were dropped in such a manner, I'd find a new ISP myself, but the ISP really has little choice in the matter.

  137. Greater Good policy by Kefaa · · Score: 1

    I am curious if this is true. I agree with an earlier post that questions how a Dos would know I was no longer on their system (perhaps a letter of surrender?).

    That being said however, ISPs are businesses and very competitive. If removing an individual user will put the system back online, the person will most likely get kicked. How many times have you booted a user off a box to get production back up?

    However, this is a very dangerous stand. Forget about individual rights, as an ISP you just agreed to be hostage to the next Dos. Except this time they want their message posted, or your largest corporate customer shut down. Now what?

    Seems like a bad choice all around. Block them out, and move on. Otherwise you end up here with everyone questioning your motives.

  138. Schoolchildren by proj_2501 · · Score: 1

    This sounds a lot like the story of a kid whom some of my friends in high school knew. He had an anti-Nazi patch on his backpack. He was harassed by people for having such a patch, but HE was the one suspended for their behavior. The local papers got ahold of this story, and I think most of the damage was undone.
    --
    The other side is crowded. The dead have nowhere to go.

  139. My ex-ISP and DDoS and me by grrlfox · · Score: 1

    One evening, while sitting on IRC/efnet, on some of the channels I hang out on, I was called names (that I'll not repeat; they prominently featured words beginning with 'c' and 'f') by some jerk, who had earlier identified himself as a Unix sysadmin for mickeysloth in the Bay area. I kick/banned him, for I had chanops in that particular channel. He responded with a ping flood, and I reconnected and thought little of it.

    Until the following morning, when I found that my account had been cancelled by my former ISP (itouch/realtime in the Austin, Tx area). The jerk had launched a DDoS attack against my account, my ISP, and against an eggdrop bot that I was running in my shell account there.

    Although I had complained about this person before, for he had taken my ISP down two months earlier, and gave my ISP all of the information (something like six or eight hostmasks and IPs) that I had about him, they refused even to allow me to retrieve data from their server, or to send an email to people directing them to some other account.

    Should they have been allowed to do this? I think not. But I can't afford the attorney's fees it would take to fight them, and besides, my data has most likely long since been wiped from their hard drives.

    --
    I'm not feeling that clever this morning.
  140. Re:This just gets worse and worse. by jheinen · · Score: 1
    "A free and open Internet is impossible to prevent, I thought. But it's not. All the government has to do is go to some buildings somewhere in the country and take over, and they can cut links to the outside world -- not easily, but they can."

    However, this case almost seems to be evidence in favor of a government-run and regulated internet (at least in the U.S.). Private businesses are, for the most part, not subject to constitutional prohibitions against censorship, so an ISP can pretty much ban you for any reason whatsoever, and censor your speech in any fashion they choose. At least there are legal protections against government censorship and, despite what a lot of people think, the U.S. has a pretty good record in protecting speech. At least there are some checks and balances in place. In the corporate realm, you're pretty much at the mercy of the corporate overlord.

    The real problem seems to be that all of the new legislation is targeted toward protecting corporations from consumers (DMCA, UCITA, etc.) rather than protecting consumers from corporations. This is ass-backwards IMO.

    --
    -Vercingetorix
    "Necessitas non habet legem." -St. Augustine
  141. TOS's don't supercede the law... by jalbro · · Score: 1

    Just because the TOS says they can terminate an account for no reason doesn't give them a license to discriminate. I have an "at-will" employment contract, but they still can't fire me because of my religion, skin color, etc.

    -Jeff

  142. ISP Regulation by calis · · Score: 1

    A couple of years ago I came under a situation much like this one. Someone hacked into my ISP's server to get to my account and to my friend's. Then, they detected it, shut him down and then canceled both our accounts telling us that we were a security risk and that they could no longer offer us service because it put the rest of their customers at risk. 8P

  143. Suspend versus Terminate? by Speare · · Score: 2

    Okay, we don't know enough about the situation, but why is everyone assuming the target account was killed or terminated? The leader on the story says SUSPENDED, which in my mind, indicates a temporary state of affairs.

    If someone were causing my ISP grief due to a DDoS, even if it were directed at MY account, I'd hope the ISP would take the most prudent course of action: down the account or machine for a little while to let the kiddies feel they've won. Explain to the apparent target what happened, and explain what it will take to keep within good service agreements with the ISP.

    (Suspend versus Terminate? =anagram>
    Instruments served pause.
    Massive PUT-ness returned.
    Invests prudent measures. )

    --
    [ .sig file not found ]
  144. Anyone have a Link to a Story about this? by forgey · · Score: 1

    From the looks of this post it is simply an "I heard this story from a friend, who heard it from his cousin who heard it..."

    Does anyone have a link to a story, or an article or even a personal site about this guy's problem? If not I'd have to question whether this actually happened or not.

    forgey

  145. Flame Bait, right? by JDizzy · · Score: 1

    I dunno, sounds like the anonymous poster hasn't been around too long. I'm only 24 years of age, but I have been hearing about this for years now. To me it's like common knowledge: the fact that ISPs discontinue service to those who pose a threat to their service as a whole. I hardly think there is anything wrong with the conduct of the ISP. True, they could have managed their customer service better. However, we consumers tend to take our network providers a bit for granted. IP providers have to put up with this type of activity all the time. Think about it from their perspective. It would cost more money to pursue the script kiddies than by terminating the destination account. That end user could always get another account as another alias, or go to a different IP provider altogether. Internet service has never been found to be a monopoly, nor something that forces you to use only one ISP; don't cry, just go find another place to give internet service to you.

    --
    It isn't a lie if you belive it.
  146. Sounds like a real crappy ISP by net-fu · · Score: 1
    1. So, what does the ISP do when it's their own servers that are getting pegged? Cancel their accounts?

    2. How are the attackers grok'ing the location of the target? Is it a dial-in? Dedicated line? Co-lo? Seems rather odd. There could be a whole other story there.

    Sounds like a fishy story to me. Not quite enough details.

  147. Re:Humm by ZiGGyKAoS · · Score: 1

    No, but if you drive a monster truck down the freeway running over any car in your way they would take your driver's license.

  148. Somehow I'm not surprised. by Stormin · · Score: 2

    I know a lot of people who work for ISPs, and the bottom line is that the ISPs are for-profit corporations, and their behavior will reflect that. Kicking off one user will result in a lower loss of profit than the potential loss if a portion of the network gets saturated. I agree, it's not fair, it's not right, and they shouldn't be doing it. But what can ya do?

    1. Re:Somehow I'm not surprised. by Miou · · Score: 1

      It is nearly impossible for an ISP to protect against certain forms of DoS...

      Smurf, for example, which simply throws a lot of packets in your direction. Yes, you can implement filters to help stop such attacks, but mainly those filters stop your customers from attacking, or being used to attack, other sites. You are not protected until the other ISPs involved also implement protection.

      Not saying I agree with the action taken, but I can understand it. It's rough running the tech end of an ISP... you usually have low budget, unreasonable demands, and little to no cooperation from other ISPs. Just remember, some forms of attack can't be successfully filtered on the receiver's end.

      --
      All operating systems suck. Some just suck less than others. (and some are virtual black holes)
  149. Corporate/Consumer double standard by Greyfox · · Score: 2
    Most of the terms of service I've seen with user level ISPs -- even the expensive high speed ones -- give the ISP a wild card "We reserve the right to terminate your service at any time for any reason." When I was working at MCI providing Internet services to the huge megacorps, our terms of service kissed corporation butt -- "We'll refund part of your bill if your line goes down and we don't fix it in 2 hours." Of course, they'll still ignore you if you're a small newspaper in, say, Bozeman, Montana, but that's another story entirely.

    A lot of privately owned companies these days are infringing on rights that the government would not be allowed to. Perhaps it's time some legislation was drawn up to require companies to meet certain guidelines in order to qualify for the full protections they get with the Corporate license.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  150. Preventing Smurf and Simlar attacks by Greyfox · · Score: 4
    Preventing smurf and similar attacks would be fairly simple, if every ISP configured their routers to not allow spoofed packets outside their networks and not to admit icmp packets to/from the network broadcast addresses. The trick being getting every ISP to do that.

    This problem might be more attackable at the hardware provider level. Get Cisco and the other router makers to set their routers up to automatically include these rules (Possibly with the ability to turn them off) and you'd severely cut back on the number of DOSes. Even some of the newer attacks that involve using thousands of compromised machines use packet forging to obscure the return address. Eliminate packet forging and all of a sudden your attacker is two easy hops from being caught.

    The question is, if I'm the victim of a forged packet attack, can I sue Cisco for not setting their routers up to prevent packet forging?

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
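
Added example (not part of the thread and not any poster's code): the filtering rules described in comment 150, and the customer-side filtering mentioned in the reply to comment 148, written as the decision a border router would make for each packet. The prefixes and packets are constructed from documentation address ranges, and the names `Packet`, `filter_decision` and `summarize` are hypothetical.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed customer prefixes (documentation ranges); an assumption for this example.
CUSTOMER_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "icmp", "tcp" or "udp"
    direction: str  # "out" = leaving our network, "in" = arriving from upstream


def _inside(addr, prefixes):
    """True if addr belongs to one of our own prefixes."""
    return any(addr in net for net in prefixes)


def _is_directed_broadcast(addr, prefixes):
    """True if addr is the network or broadcast address of one of our subnets."""
    for net in prefixes:
        if net.prefixlen >= 31:
            continue  # /31 and /32 have no separate broadcast address
        if addr in (net.network_address, net.broadcast_address):
            return True
    return False


def filter_decision(pkt, prefixes=CUSTOMER_PREFIXES):
    """Return (action, reason) for one packet crossing the network border."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    if pkt.direction == "out":
        # Egress anti-spoofing: only our own addresses may appear as a source.
        # This is what stops a customer from forging the victim's address.
        if not _inside(src, prefixes):
            return ("drop", "spoofed-source-egress")
    elif pkt.direction == "in":
        # Ingress anti-spoofing: outsiders must not claim to be one of us.
        if _inside(src, prefixes):
            return ("drop", "spoofed-source-ingress")
    else:
        raise ValueError(f"unknown direction: {pkt.direction!r}")

    # No ICMP to or from our subnet broadcast addresses, so our hosts
    # cannot be used as a Smurf amplifier.
    if pkt.proto == "icmp" and (
        _is_directed_broadcast(dst, prefixes) or _is_directed_broadcast(src, prefixes)
    ):
        return ("drop", "icmp-directed-broadcast")

    return ("forward", "ok")


# Constructed sample traffic, one line per case the rules are meant to separate.
SAMPLE_PACKETS = [
    Packet("203.0.113.9", "198.18.0.255", "icmp", "out"),    # forged source leaving us
    Packet("192.0.2.7", "203.0.113.80", "tcp", "out"),       # normal customer traffic
    Packet("203.0.113.50", "192.0.2.255", "icmp", "in"),     # ping to our /24 broadcast
    Packet("203.0.113.50", "198.51.100.127", "icmp", "in"),  # ping to our /25 broadcast
    Packet("192.0.2.7", "192.0.2.20", "udp", "in"),          # outsider claiming our address
    Packet("203.0.113.80", "192.0.2.7", "icmp", "in"),       # ordinary ping to one host
    Packet("198.51.100.200", "203.0.113.80", "udp", "out"),  # source outside our /25
]


def summarize(packets, prefixes=CUSTOMER_PREFIXES):
    """Count packets per filter reason."""
    return Counter(filter_decision(p, prefixes)[1] for p in packets)


if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p, "->", filter_decision(p))
    print(dict(summarize(SAMPLE_PACKETS)))
```

Both spoofing checks protect other networks as much as this one, which is why the reply to comment 148 notes that a site stays exposed until the other ISPs involved filter as well.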

    1. Re:Preventing Smurf and Simlar attacks by gilwong · · Score: 1

      Actually, from what I understand, an upgrade to Cisco's newest IOS will prevent most DoS attacks. I think the default setting is to block all packets that are identified as DoS packets. Also, do you really need to allow ping? If you are checking to see if your web server is running, just do:

      telnet [server] 80

      Or you can write a perl script to download a page on your server and check the result to see if the server returned something other than an error. Here's a webget script I found on the internet:

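      #!/usr/bin/perl -w
      # Fetch one or more documents from a host over plain HTTP/1.0 and print the raw responses.
      use IO::Socket;
      unless (@ARGV > 1) { die "usage: $0 host document ..." }
      $host = shift(@ARGV);
      $EOL = "\015\012";      # HTTP line terminator (CRLF)
      $BLANK = $EOL x 2;      # blank line that ends the request headers
      foreach $document ( @ARGV ) {
          # Open a TCP connection to the web server on port 80
          $remote = IO::Socket::INET->new( Proto    => "tcp",
                                           PeerAddr => $host,
                                           PeerPort => "http(80)",
                                         );
          unless ($remote) { die "cannot connect to http daemon on $host" }
          $remote->autoflush(1);
          print $remote "GET $document HTTP/1.0" . $BLANK;
          # Print the response (status line, headers and body) as it arrives
          while ( <$remote> ) { print }
          close $remote;
      }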

  151. Re:This just gets worse and worse. by AndroSyn · · Score: 1

    Well hell, what would be fun is, in the contents of the packets you're sending, put something in the packet about whatever your cause of the week is, then just claim that you were exercising your right to free speech. Yeah, that'll work...not

  152. Terrorism Tactics by Ephro · · Score: 2

    This is the worst route that the ISP could have taken. They made the attackers victorious in what they set out to do.

    First let me tell everyone about some things you might not want to know. In my opinion DoS attacks are like taking the computers hostage, or any terrorist act. You don't agree with the politics of a group or you want attention. In any real world terrorism you can never, I repeat never give the terrorist anything they want, except for absolutely meaningless things. Even if they want peanut butter and jelly sandwiches you give them a jar of peanut butter, some jelly, and some stale bread. On a more serious side if they pull the trick of covering themselves and hostages with a blanket and come out of the house (so the SWAT can't see who they are shooting) there is always a no pass line (generally 25 or so feet in front of the door). It is just as it sounds, the terrorist does NOT pass that line, if you have to kill hostages to kill the terrorist it is acceptable. These are the policies in place right now all the way from some little town's police force to the FBI.

    Now you may ask why I went through all this. It's simple, if you ever give a terrorist what they want then terrorism becomes a viable option. The same will happen with DoS attacks or any other online attack. If you give one person what they want in an attempt to stop attacks you are going to cause many many more attacks with the same result sought. It's bad practice, and bad logic on the ISP's side of it. I repeat again that this was the WORST thing they could have done.

  153. I had a similar story by MicroBerto · · Score: 1
    I work at an ISP as well, and today there was a problem regarding the acceptable usage policy and some objectionable material.

    However, I handled it quite differently. I told the user to stop breaking the policy (spamming newsgroups), but also expressed that I didn't care about what he was hosting -- I don't censor that, nor do I care.

    ISPs must respect their users' freedoms, and know who the real enemy is; And it's not the guy paying 40 bux a month for his ADSL connection, that's for damn sure.

    Mike Roberto (roberto@soul.apk.net) -GAIM: MicroBerto

    --
    Berto
  154. Re:Well, was that in the contract s/he signed? by MicroBerto · · Score: 1

    The contract most likely says that they can cancel the account for whatever reason they want. If not, I say you bring em to court!

    Mike Roberto (roberto@soul.apk.net) -GAIM: MicroBerto

    --
    Berto
  155. Re:Humm by MicroBerto · · Score: 1

    Wow, this is more than funny, this is heavily insightful. I didn't think of it that way. The ISP must side with its customers, they are the ones paying the money.

    Mike Roberto (roberto@soul.apk.net) -GAIM: MicroBerto

    --
    Berto
  156. Re:Allright... by MicroBerto · · Score: 1
    It's not about being cheap -- it's about the fact that the average ISP doesn't get DoS'd very often. A good ISP would rather spend time innovating and getting new equipment going. It's the game of life - unlimited wants and limited time and resources, we can't do it all.

    I'd rather have good DSL provided (which I live too far away to get anyway!) and a small chance of a DoS than a super-secure network and shitty DSL.

    Mike Roberto (roberto@soul.apk.net) -GAIM: MicroBerto

    --
    Berto
  157. Re:ISP POV -rebuttal cont... by climer · · Score: 1

    >Complete restrictions on companies, or giving them free reign to do anything in the name of profits? It's not actually an easy question to answer.
    Well, obviously it needs to be somewhere in-between. We need to draw a line somewhere which lets businesses protect themselves, while still giving the consumers rights. The only problem is figuring out just where we draw that line.


    Where do you draw the line?
    My point is that an ISP (large or small) is in the business of supplying bandwidth and connectivity. A DOS or DDOS is a direct attack on that capability. Since that function is core of your business it is part of the cost of doing business to protect against DOS and DDOS. As an ISP you must be able to react quickly and protect your network in the event of such an attack. You should have a plan of action and agreements with your upstream providers on how to handle such attacks. As a business, small or large, this is your job.

    Blaming the customer is just idiotic and should be universally condemned. They are a target and they should only be kicked off when they violate an actual legitimate AUP. Not because they were a target of a DOS that is the job of the ISP to deal with.

    /Duncan

    Duncan Watson -Rock climbing, Encryption, privacy
    PGP Fingerprint -PGP Key on www.keyserver.net

    --

    Duncan Watson
  158. Re:ISP POV- NOT by climer · · Score: 4

    As a co-admin of a shell/webhosting server, I can't see what else they are supposed to do.

    [SNIP]
    have had an entire network downed for over 24 hours because of a DoS, which means the victim loses out, everyone else loses out, and we lose lots of money -- especially when a shell user brings down the webhosting side of things.

    Come on now, this doesn't make sense. Killing the target won't help during the attack.
    During the attack you:
    1. Find the source or sources of the DOS
    2. Block/Filter this at your guardian routers
    3. Communicate with the source ISPs.
    4. Other net admin steps I forgot

    Killing the account must have come later during the "how do we prevent this from happening again" discussion. Obviously this is a stupid reaction. DOS attacks are something you can't ignore by placing your head in the ground and refusing to believe legitimate people are being attacked.

    If you are an ISP it is your responsibility to learn to handle this kind of attack in stride.
    /Duncan

    Duncan Watson -Rock climbing, Encryption, privacy
    PGP Fingerprint -PGP Key on www.keyserver.net

    --

    Duncan Watson
  159. Well, was that in the contract s/he signed? by CSG_SurferDude · · Score: 4

    If that wasn't in the contract s/he signed when they signed up with that ISP, then I would say (IANAL) that they could sue for damages.

    The bigger question though is how many ISPs have something like this in their terms and conditions contract. I'll have to go check my ISP's paperwork to see if it's in my contract for service.

    1. Re:Well, was that in the contract s/he signed? by egburr · · Score: 1
      I have never actually "signed" a contract with any ISP I have ever used. Everything was done over the phone or via email. All contractual information was on web pages. These pages I usually printed out at the first opportunity, because they changed quite often, usually with minor modifications but sometimes with pretty serious ones.

      I have never yet had cause to try to enforce the original terms that were in effect at the time I agreed to the contract. I wonder, if I ever do have cause to do so, how hard it would be to enforce the document I printed out when I signed up instead of the current version on the ever-changing web page.

      Edward Burr

      --

      Edward Burr
      Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
    2. Re:Well, was that in the contract s/he signed? by Fishstick · · Score: 1

      "We reserve the right to terminate your service without notice at any time for any of the following reasons:

      1) costing us money.

      2) breaking the law (we get sued, see #1).

      3) causing other users to call the help desk (see #1)

      4) doing something to make us look bad which makes us write memos and waste time making press releases and such (see #1)

      --

      There is much cruelty in the universe, John.
      Yeah, we seem to have the tour map.

    3. Re:Well, was that in the contract s/he signed? by Kode · · Score: 2


      Two things that I can almost guarantee are going to be in the ISP contract:

      1. They are not liable for damages beyond refunding any amounts paid for service. Even if it says they are not that would probably be what you would get if you kick up a stink.

      2. They reserve the right to discontinue service for pretty much anything they deem to be 'unsuitable content' and also anything that interferes with their ability to serve other customers.

      Last time I shopped for an ISP I read the service contracts in their entirety. I cut most off my list of choices on the contracts alone. I deal with a number of service companies and one thing I highly recommend is that people actually read the contracts (preferably before they sign them). There are a lot of clauses that a salesman will gloss over that may mean nothing until you have a problem.

  160. Wow, free karma, just C&P. (no text) by P_Simm · · Score: 2
    ...

    You know what to do with the HELLO.

    --

    You know what to do with the HELLO.
    Help create an open-source world ...

  161. Re:This just gets worse and worse. by gargle · · Score: 1

    No, you're wrong, because you'll be hard pressed to find an ISP which will protect freedom of speech over their bottom line.

  162. Re:This just gets worse and worse. by gargle · · Score: 2

    Imo, governments are a far smaller threat than corporations. In free democratic countries at least, freedom of speech is constitutionally protected. The government can't stop you from expressing your views. You can demonstrate, you can speak up in public (to some extent at least), even if your views do not coincide with the majority.

    But in an Internet run by corporations, no such guarantees exist. Your ISP is free to cut you off for any reason whatsoever, especially when their corporate bottom line is in danger. If the internet is your primary means of communicating your views to the public, you now no longer have the means of speaking up.

  163. The mysterious ways of words... by Steeltoe · · Score: 1

    "Libel, copyright violation, broadcasting military secrets, and the like have never been protected."

    That's a nice way of saying: "Libel, copyright violation, broadcasting military secrets, and the like have always been attacked."

    Amazing how our intellect works ain't it? Just express things the right way, and everybody will agree with you..

    - Steeltoe

  164. Something similar... by beee · · Score: 1

    A few months ago my cable ISP (@home canadian spin off cable) was hit fairly hard by some script toddlers (kiddies is a *little* too mature for the behavior) and my IP was blackholed. When I phoned them to get it turned back on they complied but wrung me out for "spurring on attacks on IRC or chat programs". They actually warned me if it happened again they'd have to look into some sort of action...

    I was really pissed, there wasn't anything I could really do about it. I can understand an ISP's need to protect themselves, but instead of targeting the victim, maybe they should put resources into better filtering and tracing (which is usually useless :\)

    bee

    --


    + Donald Gunth
    + Email: dgunth@quicktek.net
    "Caffeine is the greatest lubricant ever created." -ESR
  165. it's ALWAYS SOMETHING... by _EternaL_ · · Score: 1

    For crying out loud! Why does it always, ALWAYS have to come back to a damn comparison to racism against blacks? There's been racism elsewhere, against others. The only thing keeping racism alive is the absolute, and utterly juvenile instinct, to consistently hammer in the fact that life, for someone, at sometime, has not been fair. We ALL go through it! ALL OF US at some point. Give it a rest. We're well aware of our past, now let's fight the future. Down with the damn ISP for being unfair to someone in the PRESENT.

    "The past is history, it cannot be undone, therefore, all that we can hope to do, is to avenge its unglorified passing, with the conquest of justice, and attained wisdom, in the battle against the future!"
    - Wm J Wilson (06.06.00)

    --
    -=+=-=+=-=+=-=+=-
    following my instincts not a trend...
  166. Re:This just gets worse and worse. by lasuk · · Score: 1

    This is like sending a rape victim to prison to keep the criminal from attacking her again.

    At my site such attacks are blocked at the routers. I do not see what is so difficult about that.

    --
    The views expressed here are a figment of your imagination.
  167. Why shouldn't they? by zeck · · Score: 1

    There is no compelling reason why they shouldn't suspend or cancel the account of a person who has been targeted in the past for attacks of any kind against the server. It's probably not the best way to handle it, but the ISP is well within its rights. To use an analogy: If you're in a restaurant and some punks come in and get in a loud argument with you, you're probably going to get thrown out along with them. "We reserve the right to refuse service to anyone."

  168. Two sides to the story... by Cobain · · Score: 1

    Alright just to point out that most people like to pick one side and say "HEY I'M RIGHT DAMNIT!" Well both sides are somewhat right and somewhat wrong. There are two sides to this, an ethical and an economic side.

    First the ethical side, yes this person was violated for his religious view (maybe, sounds like a BS story I would make up). In all fairness the ISP should do one or both of the following: A) They should block the ip ranges attacking them. and B) Give the user a new IP if he has a static IP.

    Now with that said, if the company did go the ethical way they would have to have the user not go back where he was and start the shit up again.

    And now to the economic standpoint. Even though the user was violated for his views (once again /maybe/) he is still a user that pays twenty bucks a month. This is a company, depending on the size (I'm going to say not very big because it sounds small) they have probably anywhere from a (few)hundred to a (few)thousand. Now I'm willing to bet the ISP had at least a thousand and that is a thousand screaming customers using up their tech support and DIAPs or whatnot to get online. They start to lose money.

    Now both sides could be the way to go for different people. But if you're a business then you want to try to not lose as much money as possible. So a business will pick the economic option because they are a business, point blank. They don't want to tell a thousand customers "I'm sorry but you won't have service for the next few hours to the next few days because Johnny wanted to voice his opinion about his religion to a bunch of heathen packet monkeys."

    Well that sums it up for me, if I'm wrong (and I'm sure a lot of you think I am) please express so.

    --

    ----------------------
    58.0% slashdot corrupt
  169. Stupid moderators by Carnage4Life · · Score: 5

    The above post is not a troll. This is a valid opinion, maybe it conflicts with the entire rah-rah-free-speech-screw-big-business-internet-access-is-a-god-given-right mentality of the typical slashdotter but it is not a troll.
    His statement is very valid. ISPs run on tight margins and it makes no sense for a business to risk losing several hundreds or thousands of customers simply to satisfy one user.

    Whether the ISP even knows why the user is being harassed is unknown and cannot be verified due to the fact that no identifying information was posted but from a financial standpoint the ISP made the best decision they could with the facts they have. Heck, the U.S. government and the combined dollars of Yahoo, eBay, and several others can't catch a bunch of DoSing script kiddies yet people expect a local(or even national) ISP to continually defy them because of 1 user ($20 a month which isn't even all profit) ?


    1. Re:Stupid moderators by jfern · · Score: 1
      Stupid moderators (Score:5)

      That's a new one, see the irony?

    2. Re:Stupid moderators by egburr · · Score: 1
      Bring in law enforcement to work with the victim

      Good luck with that one. Even now, it is very difficult to get law enforcement to pursue this kind of crime unless it is a very high-profile incident.

      Edward Burr

      --

      Edward Burr
      Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
    3. Re:Stupid moderators by davep_ub · · Score: 2

      His statement is very valid. ISPs run on tight margins and it makes no sense for a business to risk losing several hundreds or thousands of customers simply to satisfy one user.

      True, an ISP is an independent business who can service who it likes.

      True, an ISP will go out of business if its service is disrupted for too long.

      However, the DoS attack is a crime. Simply suspending the user alone facilitates the harassment. There is another solution.

      Suspend the user temporarily. Bring in law enforcement to work with the victim - reinstate the victim and see if the attacks resume. Track them and track down the originators of the attacks. Join the victim in a civil suit against the attackers, if they're identified, for costs and punitive damages. Testify in any criminal prosecution.

      To abdicate any and all responsibility in this case may be the right of an ISP, but one who does so won't keep my business.

      -Dave

  170. Not uncommon. by Yog-Soth · · Score: 1

    I have had this happen to me also. fact is that they have a right to run their business the way they want -- BUT they should be courteous enough to tell the customer about this sort of thing when he/she signs up. they sort of surprised me by removing the account, and didn't say anything until I inquired. if the ISP isn't willing to be honest and provide that information up front, they are obviously a bunch of shady motherfuckers who shouldn't be supported.

  171. Why wasn't this moderated up?! by Travoltus · · Score: 1


    This *IS* the wisest, time-tested and proven solution to the problem.

    My god, I need my moderator points NOW...
    ========================
    63,000 bugs in the code, 63,000 bugs,
    ya get 1 whacked with a service pack,

    --
    --- Grow a pair, liberals... stop letting the Republicans bully you!
  172. I'm all for this idea! by Travoltus · · Score: 1


    Dear ISP owners in this thread:

    I'm all for giving you the worst possible press if you shut down a user who is the victim of DoS cyber terrorist activity, instead of dealing with the terrorist.

    If you want to make it easy for script kiddies to remove sites they don't want, by use of DoS attacks, then I have no problem kicking you in the pocketbook until you are forced, by economic pressure, to rethink your policies.

    I have experience with MySQL and PHP. Anyone want help putting together an internet blacklist that targets ISP's that shut down DOS victims, for boycotts?

    How about also suggesting web hosters who fight the DoS'ers instead of shutting down their victims?

    I'm ready to fight. I'll help or totally make the database and the access interface. I can't do graphics worth a crap but I can do the back engine work.
    Contact me at travoltus@hotmail.com if you've got a project like this up. Sign me up for the fight!
    ========================
    63,000 bugs in the code, 63,000 bugs,
    ya get 1 whacked with a service pack,

    --
    --- Grow a pair, liberals... stop letting the Republicans bully you!
    1. Re:I'm all for this idea! by Travoltus · · Score: 1


      I say take both tacks. Boycott ISP's that drop users who get DoS'd, and drop the packets from smurf friendly sites.

      I am sick and tired of the justifications people come up with for punishing the end user who is being DoS'd.

      So what if it's because of an IRC grudge or a fragging usenet argument? Flooding a system and jamming its resources is the greater crime, okay? It's one thing if they gave out their password or something - but punishing a DoS victim because they expressed their VIEWS, or ran an IRC channel someone wanted to take over?

      Please. Your agenda is clear. You are in league with the DoSers and you just want an excuse to get rid of people whose speech you disagree with.

      Anyone with half a brain knows you never coddle vandals and terrorists. You don't let them succeed, or you'll only cause more to come along. Under your policy the DoS'ers feel they can take anyone offline that they want.

      We can't have this net taken over by net terrorists shutting people offline because they disagree with what they have to say. I draw the line early on that one. And I am willing to do whatever it takes to run you out of business if you have a policy of yanking the accounts of DoS victims unless the victims have broken the law themselves.

      I may succeed in teaching you a lesson by getting you boycotted, and then again I may not. But I'd like to give it a shot.

      Zero tolerance for DoSers. Zero tolerance for the ISP's who give DoS'ers what they want most. Zero tolerance for ISP's who knowingly let themselves be havens for DoSers. Ultimately it is you who will change your ways, because of boycotts and dropped packets.


      ========================
      63,000 bugs in the code, 63,000 bugs,
      ya get 1 whacked with a service pack,

      --
      --- Grow a pair, liberals... stop letting the Republicans bully you!
  173. This isnt 'ask slashdot' by NightHwk · · Score: 1

    This is a huge abuse of ask slashdot. The author doesn't even ask anything, he just makes a statement, in the hopes of stirring people up...

    ..kinda like a...TROLL. This is total flamebait. Whether or not it belongs on /. is one question, but whether or not it belongs on Ask Slashdot is quite clear... NO.

    NightHawk
    Tyranny = Government choosing how much power to give the people.

    --

  174. There are KISS solutions by Drashcan · · Score: 1
    A simple stupid solution:

    Give the user a completely new account (new login, e-mail etc.) which the DDOSers would not (yet) know. And ask the concerned user to keep a low profile while the access provider puts a system in place which will prevent a similar attack in the future.

    Getting rid of the targeted customer is not a solution in the long term (imagine a gang which blackmails Internet access providers, threatening them with serially DDOSing all of their clients until all of them are kicked out and subsequently the access provider can close its doors). The economic reasoning of the provider, i.e. simply throwing out the targeted user, is as a consequence sheer nonsense.

    Every access provider should sooner rather than later have a routing and load balancing system in place which can tackle a DDOS or other attack (e-mail bombing is even more obvious).

    deBelge

    --
    The nice thing about Windows is: it does not just crash; it displays a nice little dialog box and lets you press 'OK'
  175. Allright... by DrEldarion · · Score: 1

    Why don't these ISPs just make better defenses against DOS attacks in the first place? Then they wouldn't have to worry about all of this...

    Well, maybe 'cause they're so friggin' cheap...

    -- Dr. Eldarion --

    1. Re:Allright... by ZZane · · Score: 1

      Because there is little to no defense once it gets to your router. Sure you can block ICMP traffic or traffic from specific subnets but that blocking only happens at a specific router (be it yours or a router at the ISP's ISP). Somewhere that bandwidth is being swamped by the DOS (usually at your router or inside your network if your router isn't filtering ICMP). As a few people have pointed out in the past the only really good way (currently) of stopping DDOS attacks (the main culprits, normal DOS/flood attacks that aren't distributed usually are much much lower bandwidth) is having EVERY router on the internet (or at least at major ISPs like MCI/Sprint/etc...) set up not to allow packets from inside their network to be sent out if the source address on the packet is not from their network.

      Routers that don't properly validate outgoing traffic are the main culprits in these types of attacks.

      -Zane

      --
      This sig is worse than my last.
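
The egress check described in the comment above (drop packets leaving a network whose source address is not from that network), as an added example that is not part of the original thread. The interface names, prefix assignments and packets are constructed, using documentation address ranges.

```python
"""Source-address validation at a provider edge (added illustration)."""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed assumption: prefixes delegated to each customer-facing
# interface. All addresses come from the RFC 5737 documentation ranges.
CUSTOMER_PREFIXES = {
    "cust-a": [ip_network("192.0.2.0/25")],
    "cust-b": [ip_network("192.0.2.128/26"), ip_network("198.51.100.0/24")],
}


@dataclass(frozen=True)
class Packet:
    in_iface: str  # customer interface the packet arrived on
    src: str       # source address claimed in the IP header
    dst: str


def egress_verdict(pkt, prefixes=CUSTOMER_PREFIXES):
    """Forward only if the claimed source belongs to the arrival interface."""
    allowed = prefixes.get(pkt.in_iface)
    if allowed is None:
        return "drop-unknown-iface"
    try:
        src = ip_address(pkt.src)
    except ValueError:
        return "drop-malformed"
    if any(src in net for net in allowed):
        return "forward"
    # The source is ours, but delegated to a different customer.
    all_local = [net for nets in prefixes.values() for net in nets]
    if any(src in net for net in all_local):
        return "drop-wrong-customer"
    # The source is not in any prefix this network originates.
    return "drop-spoofed"


def filter_flow(packets, prefixes=CUSTOMER_PREFIXES):
    """Apply the check to a batch; return forwarded packets and drop stats."""
    forwarded, verdicts, offenders = [], Counter(), Counter()
    for pkt in packets:
        verdict = egress_verdict(pkt, prefixes)
        verdicts[verdict] += 1
        if verdict == "forward":
            forwarded.append(pkt)
        else:
            # Per-interface drop counts show which customer port is
            # emitting packets with source addresses it does not own.
            offenders[pkt.in_iface] += 1
    return forwarded, verdicts, offenders


# Constructed sample traffic, all addressed to one outside host.
SAMPLE = [
    Packet("cust-a", "192.0.2.10", "203.0.113.10"),
    Packet("cust-a", "203.0.113.99", "203.0.113.10"),
    Packet("cust-a", "10.1.2.3", "203.0.113.10"),
    Packet("cust-b", "198.51.100.7", "203.0.113.10"),
    Packet("cust-b", "192.0.2.10", "203.0.113.10"),
    Packet("cust-b", "192.0.2.130", "203.0.113.10"),
    Packet("cust-a", "192.0.2.130", "203.0.113.10"),
]

if __name__ == "__main__":
    kept, verdicts, offenders = filter_flow(SAMPLE)
    print("forwarded:", len(kept))
    print("verdicts:", dict(verdicts))
    print("drops per interface:", dict(offenders))
```
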
  176. The Solution by TangoChaz · · Score: 1

    Remember what finally stopped the Salem Witch trials? It wasn't common sense or public backlash or anything else. It was that some oaf decided to accuse the Governor's wife, and the Governor suddenly found cause to put a stop to it all.

    Not that I can condone any DoS or any other crime, but by poetic justice the problem might take care of itself, if one or more of the ISP's own employees becomes the victim...

    TangoChaz

    --------------------

    --

    TangoChaz

    --------------------
    Wise men talk because they have something to say, fools because the
  177. So, what's the big deal? by Animol · · Score: 1

    For one thing, I'd like to point out that similar things happen all the time. I use the aforementioned mega-hyper-global-network, and anyone else who's ever been a little "curious" about the software can tell you that if you're kicked off by some script-kiddie with a "punter", by the TOS, you can lose your account (for "disrupting the service"). I've actually fought over that one.

    But, in light of the constant complaints of "I can't sign on!", maybe AOL makes the right decision in removing the targets of DoS attacks, et al., from their service.

    I mean, come on - if you had a big, red bullseye painted in your backyard, and you wanted jets to quit bombing your pool with napalm, you'd get rid of the bullseye, right?

    --

    "I'm not even supposed to BE here today!"
  178. Re:Bad analogy by mr3038 · · Score: 1

    More like someone is trying to set your house on fire, and the fire department demolishes it to keep it from burning down the whole neighborhood.
    _________________________

    --
    _________________________
    Spelling and grammar mistakes left as an exercise for the reader.
  179. 'script kiddies' aren't the problem here by GMOL · · Score: 1

    By calling the people who did this 'script kiddies', one pictures some dumb 16 year old who gets off on overloading sites he doesn't like. What about all the Evil(tm) people in this world such as Scientologists, groups on one side of a polarized issue, hired guns from large companies, etc. All of those people could hire anyone to do something like this; and with a diverse enough net of people, it's easy to claim to be hacked when you have access to accounts in many places (universities, institutions etc.)

  180. Understandable but wrong... by [ella] · · Score: 1

    The ISP is wrong here, I think. I can fully understand that the ISP is facing a difficult issue here, but if they keep on doing this, civil rights are in danger.

    If ISPs continue acting like that, it would be too easy for e.g. Nazi-techies to eliminate a great deal of anti-nazistic websites. They could even try to eliminate all websites of gays, non-white people, ...

    We are facing larger and larger difficulties keeping the net clean, but letting a small group of techies decide what sites should and should not be on the net is definitely wrong !

    --
    Mike
  181. not censorship if they didn't know. by KahunaBurger · · Score: 2
    What this means to me is that even though the user's content was attracting the DoS attack, there may be laws that prevent them from just dropping their business. Like the example given in the news post, your right to refuse business only goes so far. You cannot refuse business to someone based on race, ethnicity and religion. I think that civil rights would "out rank" whatever the ISP says. All the person needs is a lawyer to work that angle and sue the ISP.

    I don't think that you have a civil rights case against the ISP unless their decision of what to do was based on the victim's religious viewpoints. If all they knew was "this guy's getting DoSed and screwing up our service, let's drop him", then it's just consumer protection laws. The only way I could see it being a civil rights case would be if they knew the reason he was getting DoSed was his religious opinions and they said "he deserved to get DoSed for saying that, why should we do anything except cut our own losses."

    Now, if the ISP had the right to cut him off for causing them service problems, he has a civil rights case against the script kiddies who were acting based on his religious opinions and caused him to lose something due to them. (assuming the truth of all statements in the original post.)

    IMHO, IANAL, etc.

    -Kahuna Burger

    --
    ...will work for Chick tracts...
  182. Not the opinion, the forum. by KahunaBurger · · Score: 2
    Besides, how can the ISP tell that this person just expressed an opinion that people didn't like? Perhaps they expressed an extreme religious opinion in a homosexual group? Or a pro-life in an abortion group? Or for that matter a pro-abortion (I REFUSE to call it pro-choice...) idea in a pro-life group?

    So, freedom of speech should only be protected if it's speech of which you approve?

    No, you're missing the point, which would be a fairly good one without the moron level inability to understand the term pro-choice.

    The question was not whether the opinion was a "good" one or not. The question is "are we talking about an unpopular opinion or inappropriately flaming a group?" The fact that both pro-choice and pro-life opinions could fall into this category, depending on where they were said should have been a good pointer on this distinction.

    There is a difference between an "unpopular religious opinion", like saying on a catholic chat group that you don't know if Mother Teresa actually meets the Church's requirements for sainthood, and a "religiously worded flame" like going into an abortion support chat room and doing the all caps shout that you are all filthy in the eyes of the lord for your murderous ways. It certainly affects how much slack your ISP is going to cut you when you start getting DoSed.

    So the question is not how I, you or the ISP feels about the specific opinion expressed. The question is whether it was expressed in a forum appropriate to it or in one where it's just a disruptive attack itself.

    -Kahuna Burger

    --
    ...will work for Chick tracts...
  183. Innovate don't Suspend [was: Re:Stupid moderators] by ivi · · Score: 1
    So, what do you want to happen in the event that an ISP -falsely- (or simply -wrongly-) believes that a particular user's [unpopular] opinion(s) have been catalysts to a script kiddie's DoS attack(s)... and - on that basis alone - suspends / cancels that user's account?

    I, for one, might like to see:

    1. better technical response to DoS attacks... so that ISPs need not suspend good users' accounts,

    2. better ways to post opinions (that, for reasons beyond me, seem to attract DoS attacks) anonymously... so that the attackers shouldn't know where to aim their arrows...),

    3. independent means of determining that such DoS attacks (as may be claimed by an ISP) have actually occurred and to which user(s)/account(s)... so that an ISP can't (whether inadvertently or intentionally) just -say- "It's you" and suspend a user's account, and

    4. legislation that protects users' rights when there is no evidence that they have "incited" DoS attacks (or the like)... so that ISPs use technologies hinted at in points 1 or 3 (above) -and- give DoS-attracting users an opportunity to use those in point 2, i.e. -before-pulling a good user's account.

    Note: I intend there to be a great difference between "having been a catalyst to" and [having] "incited" a DoS (or other) attack.

  184. Re:Humm by micco · · Score: 1

    We're not talking about the police (i.e. government) doing anything. We're talking about a private business taking steps to insure its business.

    The US Constitution's First Amendment guarantees freedom of speech from _government_ censorship. That is, it limits the power of government. It does not say that one private citizen (or business) *must* bear the burden to insure another citizen's freedom of speech. I can choose to stand up for you, but I can't be compelled to do so. That's my freedom.

    I'm sure you've seen the signs in restaurants that say "we reserve the right to refuse service". That's basically what this is, and there's probably a similar clause in the ISP's AUP to cover it. It wasn't done for any reason that could be covered by civil rights legislation (they aren't terminating the account because the user posted religious opinion). It was done because that one person's patronage was hurting business.

    A more apt analogy would be to compare this to ISPs who terminate accounts using Napster. That is, something you did used an unfair share of system resources and we choose not to support your activity in the future.

    I think it's unfair to the user (essentially an innocent bystander) and it's a damn shame it's come to this, but the ISP has a point. If you want to throw stones, throw them at the script kiddies who are censoring the net.

    micco

  185. ISPs by jbarnett · · Score: 2


    The ISP I work for, has a "Terms and Agreements" in the sign up process, and the user must sign it (can't be done over the web).

    If I agree with it or not, that is a different story, since I could be biased or disgruntled.

    In the "Terms and Agreements" it states (this is from memory, so it might be off a few words) that "XXX ISP may cancel your account at anytime for any reason with or without notification or justification and you the user are also free to cancel your account at anytime for any reason with notification, but with or without justification" Also in there they have "XXX ISP may deny or refuse providing products or services to anyone at anytime for any reason"

    From a legal stand point, an ISP is a private company (not government owned or funded (in most cases in the United States)) and can pretty much get away with a lot.

    If user "Tim" is getting DDOS every day causing the ISP to deny services to other customers, is that really Tim's fault? No. If they disabled Tim's account would the other users be able to access the Internet (and get what they are paying for)? probably, maybe..

    Most businesses (including mine) are hard up for the bottom line, which is money. If they are losing money or not making as much as they could because user Tim is posting strong opinions, from that company's view, which is more important, standing up for some guy they never met or making money?

    I am not saying any of this is right or moral, I am just stating what the legal and company point of views might be ( not stating these are their points of view, just my interpretation of things)

    The above post does not represent my employer, they are my humble opinions and mine only.

    --

    "`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
  186. What should happen by tech81 · · Score: 1

    Essentially, what should be done is the following: 1. They should switch the target individual to a different anonymous account. 2. Suspend their current account 3. Legally go after the DoS'er 4. Once the DoS'er is taken care of, restore the customer.

    1. Re:What should happen by MsGeek · · Score: 1
      1. They should switch the target individual to a different anonymous account.
      2. Suspend their current account
      3. Legally go after the DoS'er
      4. Once the DoS'er is taken care of, restore the customer.

      Finally, someone posts a course of action that makes sense!!!! The victim is not further victimized, the DoSer is thwarted, everyone's happy!

      One thing that nobody has asked: what religious preference is in question here? Is this a case of a Scientology critic being DoS-ed by Scientologist operatives in a "fair game" action? I'm curious about this.

      The parent post here by Tech81 needs to be moderated up.

      --
      Knowledge is power. Knowledge shared is power multiplied.
  187. The really insane part is .. by kd5biv · · Score: 1

    .. punishing someone for something they have little or no control over.

    Yeah, he may have provoked it in some way, but once someone decides to DoS a particular user, there's not much that user can do to stop it, even if someone happens to feel like they 'deserved' it somehow. By that logic, why not shut down a user's account because someone sends them email you don't approve of, or lock down their website because they're getting hits from the wrong part of the world?

    Maybe I'm just being clueless here, but this sounds completely nuts to me. Even if this guy was an obnoxious luser, he still has rights, and he's definitely not the appropriate target for this response. IP block the guy who's trashing him, maybe block his subnet and/or notify his ISP, but the poor guy who's getting hit has very few options and shouldn't be punished for something he doesn't have the power to stop. Just my $.02 ..

    --


    73 de N5VB (ex-KD5BIV) AR SK
  188. Not enough info by number11 · · Score: 1

    I concur with the others questioning this story. It certainly could have happened (and most likely if it did, the ISP was within its legal if not moral rights), but absolutely no supporting info is given. If it did happen as reported, and there isn't more to the story than that, we need to know who the ISP was, so they (both the company, and the individuals who run it, I'm a big believer in holding individuals personally accountable) can be held up for community scorn and derision, and to warn people that they're spineless scum who can't be trusted with one's business. OTOH, it's a little premature to be calling for the rope just yet.

  189. Censorship by BgJonson79 · · Score: 1

    How can someone possibly be removed from their ISP just for expressing an opinion? Instead of removing the victim, why doesn't the ISP try to do something about the attackers? Also, by losing his ISP even though he followed the AUP, isn't that a pretty grey-area issue? I would assume a lawyer would have a field day with that.

    --

    There are four boxes used in defense of liberty: soap, ballot, jury, ammo. Use in that order.

    1. Re:Censorship by Habanero · · Score: 1

      On a side note, just because someone puts a sign up in a restaurant, doesn't make it true. I mean, putting up a sign like "We reserve the right to poison you" won't make it so.

      In fact, I believe that refusing service would be a violation of some law related to interstate commerce, and therefore is illegal, no matter how much ink I put on paper---whether I put it in the shape of "We reserve the right to refuse service..." or not.

    2. Re:Censorship by CheesyPoof · · Score: 1
      The person whose account was suspended may have felt that discrimination is the main issue.

      I went back and read my ISP's service agreement and found this nugget: You may have additional rights under certain laws (such as consumer laws) which do not allow the exclusion of implied warranties, or the exclusion or limitation of certain damages. If these laws apply, our exclusions or limitations may not apply to you.

      What this means to me is that even though the user's content was attracting the DoS attack, there may be laws that prevent them from just dropping their business. Like the example given in the news post, your right to refuse business only goes so far. You cannot refuse business to someone based on race, ethnicity and religion. I think that civil rights would "out rank" whatever the ISP says. All the person needs is a lawyer to work that angle and sue the ISP.

      CP

    3. Re:Censorship by Tosta+Dojen · · Score: 2
      How can someone possibly be removed from their ISP just for expressing an opinion?

      That is not exactly how it happened, and definitely not how the ISP is going to spin it. Still, this is something that should send red-flags popping up in all of your heads.

      The thing is, the ISP can pretty much do whatever it wants with your account. It owns the account, it can sell/not sell use of that account to you as it chooses. Remember those signs you always see in restaurants?
      "We reserve the right to refuse service..."
      This is essentially just a way of disclaiming yourself into discrimination if you so choose to abuse it that way, and the ISP can do the same.

      Trying to remain on-topic, though, discrimination is not the issue here either. The way the ISP dealt with the situation is the critical part, the thing that is sending my mind into a confusion. As I see it, there are two possibilities:

      1. The ISP could stop the DoS, but is too lazy/cheap/irresponsible to do it, so they 'solve' the problem the easy way, and yet another helpless victim gets squashed by the big company's indifference.
      2. The ISP cannot stop the DoS, in which case I would have serious questions about the integrity of their system [these were 'script kiddies' remember] and yet another victim gets squashed by the big company's incompetence.

      Either way, it is not good for the customer. Come to think of it, when are situations like this ever good for the customer?

      --

      I have a strong belief in the Second Amendment.

  190. As always: it depends by mdb31 · · Score: 2
    I don't think 'censorship' is the right classification of this ISP behavior: 'lack of spine' might be more accurate. If an individual user causes disruption of a shared infrastructure (i.e. the ISP network) on a large scale, something needs to be done. Now, I'm definitely not advocating account termination (some temporary traffic filters at the edge of the ISP network are just so much more friendly), but in cases where filtering is infeasible, taking content down until the script kiddies go away may not be unreasonable.

    The unavoidable point here is that, from an ISP's point of view, people soliciting abuse are almost as bad as the ones causing it: they just want the trouble to go away. Some user cooperation is a good thing here, and may avoid kneejerk reactions like account termination (which, just to reiterate, is stupid and wrong...)

  191. Remember what Spock said... by SClitheroe · · Score: 1

    "The needs of the many outweigh the needs of the few, or one..."

    If I'm an ISP with hundreds of customers, suspending one account to protect my infrastructure and the operation of my other clients seems fair to me.

    What was the ISP supposed to do? Allow the DOS to continue unchecked?

    The problem, of course, would be if he was banned from the ISP because of the incident, but that doesn't seem to be the case here.

  192. Re:The needs of the many... by ocasek · · Score: 1

    Even though the response to this simple concept has been scorned by the readers, I would have to agree with the decision for the most part simply because of "business sense"... I agree that the account should be disabled to prevent the attacks, but I do not believe that the user whose account (in this case) was disabled should be denied service. What about creating an alternate account that the user can use INSTEAD OF the one that is being attacked... if it is a DSL IP based attack this could be a costly venture since IP blocks unless NATed are hard to come by... so... let me open up this question a little further. For those of you who opt to disable that individual's account / and or give them a different account; what would you have the ISP do?

  193. Re:This just gets worse and worse. by rgmoore · · Score: 5
    Are we insane? Why are we letting this happen? Every libel case, every time a site is shut down, every time another mouth is hushed we get closer to giving up our freedoms. And we're not doing anything about it. We need to stop these idiocies, we need to convince the lawmakers and the public at large that nothing is worth the abolition of free and unfettered speech. And above all, we need to do it now.

    Not that I disagree with the basic notion that the internet should remain free, but free speech has never been absolute and unfettered. Libel, copyright violation, broadcasting military secrets, and the like have never been protected. And well that some forms of speech shouldn't be protected. After all, those DoS packets could be considered a form of free speech and we want them silenced!

    Every time that hyperlibertarians support grossly illegal behavior, like massive copyright violation, under the mantle of free speech, it gives the authoritarians who want to shut down all unapproved speech more ammunition. Free speech is important, but it shouldn't be used as a cover for violating other peoples' rights.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  194. home by geekoid · · Score: 1

    How about "we don't want you living in our neighborhood because your [insert here] may cause problems."?
    This is bad. Personally, if it is a US-based ISP (or any company for that matter) I would sue on the grounds that
    a. Freedom of speech
    b. Freedom of Religion.
    I don't think suing should be the knee jerk reaction in most cases, but something like this will be awful hard to stop, once it becomes commonplace.
    Contact the ACLU immediately.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  195. Re:ISP POV- NOT by geekoid · · Score: 1

    The account provoked the attack by their behavior, 99.9% of the time on IRC, and 95% of the time in the course of channel wars.
    what about that other small percent that did nothing to provoke the attack? If I publish a viewpoint on a web site that some other person doesn't like, I lose my provider?
    If you started a church someplace, and one person blocks a major highway to protest it, are they going to make you move your church? no.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  196. Re:ISP POV- NOT by geekoid · · Score: 1

    Cool. Thanks.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  197. Humm by Dark+Phantasmo · · Score: 4

    So, if my house gets broken into, and my TV gets stolen, the police should take everything else I own, to prevent future thefts?

    1. Re:Humm by Fishstick · · Score: 2

      Almost. More like, you get a cross burned on your front lawn, the fire dept has to come out and put out the fire, the PD has to file a report and all this is just too much strain on the city services so they put all your belongings in a u-haul and escort you to the city limits.

      --

      There is much cruelty in the universe, John.
      Yeah, we seem to have the tour map.

    2. Re:Humm by koutetsu · · Score: 1

      This one may be too literal, but maybe it's like someone stopping supply ships from entering a town harbor just because they don't like someone in the town. Now that I think of it, that _is_ way too literal. Maybe it's like dropping a nuke on one person in a crowded city.

      --
      -( koutetsu )
  198. Re:This just gets worse and worse. by Anomalous+Canard · · Score: 1

    ISP's now added to:
    [list of "evil" corporation types redacted]

    There are still clueful ISPs (like my own) but they aren't bottom dollar providers. I pay $32.50/month for ppp plus $10/month for an extra shell account (<gasp!> a shell account?) for my wife. In exchange, I get an ISP with plenty of capacity, static IP addresses and an excess of clue.

    Anomalous: inconsistent with or deviating from what is usual, normal, or expected

    --
    Anomalous: deviating from what is usual, normal, or expected
    Canard: a false or unfounded repor
  199. How about legitimate traffic? by Remote · · Score: 1

    Wait a minute: your point seems to be that even if the attacked site wasn't responsible in any way for the attack, the ISP is entitled to stop hosting the site so as to protect other customers. Following this logic, in case a site attracts lots of traffic because of interesting content or is victim of a " /. attack", to the point of compromising the ISP's bandwidth, you would, as an ISP, just terminate the service?

  200. Sounds familiar by carlos_benj · · Score: 1
    A nameless source says they've "heard of" a user that got kicked off their ISP because of their religious beliefs......

    I get emails like this all the time. So far, not one has proved to be true. If I apply the same filter to this submission that I do to my email it bears all the earmarks of a hoax.

    • Nameless originator
    • Nameless or untraceable victim
    • Nameless Organization (ISP)
    • No timeframe

    In short, nothing verifiable in the story at all.

    carlos

    --

    As a matter of fact, I am a lawyer. But I play an actor on TV.

  201. How about an entire ISP getting kicked off? by egburr · · Score: 1
    I can do one better than this. An ISP I used to use got kicked off its provider because of DoS attacks perpetrated against some users of the ISP. Users who instigated the attacks, and those who violated the ISP's Acceptable Use Agreement, were usually given a second chance, but eventually had their accounts revoked. (I used to work there, so I know the accounts were revoked, and we attempted to verify names so they couldn't slip back in.)

    I guess they just suffered one attack too many, because one day their network provider told them to get the machines off the system. The ISP ended up selling the customer accounts to another ISP and closing up shop.

    Edward Burr

    --

    Edward Burr
    Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
  202. Of course! by startled · · Score: 1

    If this ISP is like your typical ISP, then it's a business-- meaning it's there to make money. I'm sure someone's pointed this out already.

    Now, if they get DoS attacks against them, they can lose a LOT of paying customers. If they can stop the attacks simply by terminating one user's account, then they'll do so! Most ISP's are not in the game for any idealistic standpoint.

    So if you're concerned about this, you're concerned about capitalism and corporatism in general-- because this is how they work. (I'm not calling you a damned commie-- I'm also concerned about this.)

    The only way the typical ISP would behave otherwise is if there are laws or incentives. i.e. a law against it, which would probably do more harm than good, or a reward or somesuch for helping shut down the perpetrators of the DoS attack.

  203. DoS attacks are not created equal by silicon_synapse · · Score: 1

    The DoS attacks you received were probably off of a 56K modem (I could be wrong) while this attack came from a group of script kiddies with an unknown total of bandwidth. It's impossible to say whether or not the ISP should have been able to handle it without more info. How much bandwidth do they have? How much did the attackers have? How long was the attack sustained?

  204. Tough question... by don_carnage · · Score: 1

    From the ISP's standpoint, I can understand that they don't want DoS attacks affecting their machines because most of their users are also going to be affected.

    However, if the DoS attacks originated from inside the ISP, then they (the ISP) should have taken action against the individuals who attacked the user -- not vice versa.

    It's not the user's fault that someone else found their material objectionable. The ISP should take steps to prevent future attacks by securing their systems or blocking the attackers, not by dropping innocent users.

    dc


  205. stupid act and definitely not enough by absurd · · Score: 1

    I think it's stupid act from ISP's to bend under will of DoS attackers. It just shows they have no real defense against them, and what stops attackers doing it again, even if the object is disconnected? If they are serious about the profit, they should find another way to stop DoS attacks.

  206. all too common in our society by rifter · · Score: 1

    Once again we blame the victim. It's one reason so much crime goes unreported. I really think the ISP is on shaky ground disconnecting someone because of their religious viewpoints. In fact I smell a lawsuit.

    If we let this kind of behaviour continue, we are going to lose all the ground we could have gained from a truly free internet.

  207. The needs of the many... by KyleHa · · Score: 1

    I'm an admin at a medium sized ISP. We've repeatedly had situations where the actions of one user are affecting the service we can provide to our other users. When one person floods the network and no one else can use it as a result, what do you do?

    Our contract says we can pull the plug for no reason if we feel like it. Our customers signed it, even if they didn't read it.

    The user in the story is a little different only because the attack is coming from the outside. It's not as easy to call that abuse and pull the plug, but the choice is the same: let it go and let everyone suffer, or deny service to this one customer and continue to provide service to the other customers.

    If I were using an ISP that was continually under attack, for any reason, and I couldn't use the service, I'd go to another one. As a customer, I'm not going to feel good about some principle being upheld if I can't work or play as I want. If all of my customers make that same decision when I let abuse continue, I'm out of business. My consolation after bankruptcy will be what? That I continued to provide what little service I could to some user who was hurting everyone else?

    1. Re:The needs of the many... by KyleHa · · Score: 1

      What is justice? Is it just to be without Internet service because your neighbor irritated a kiddie with a script?

    2. Re:The needs of the many... by n!ckb · · Score: 1

      ISPs are privately held businesses. privately held businesses generally reserve the right to refuse service to anyone for any reason they see fit. the alternative is stricter government regulation of the Internet and Internet-related services.

  208. Bad analogy by KyleHa · · Score: 1

    More like someone sets your house on fire, and the fire department demolishes it to keep it from burning down the whole neighborhood.

  209. I would have to say yes by Fat+Lenny · · Score: 1
    I had a 286 with a 2400 baud modem and ran DR-DOS -- it was reliable technology, and with lynx, surfing most sites really wasn't that much of a problem until recently. Three years ago, my ISP shut down their 14.4 modem pool, which was the only one I could connect to, stopped providing tech support and laughed at me when I called into the queue, yet they continued to charge my card.

    Yes, I do feel victimized by my ISP. I feel even worse for using DOS all those years, too. Once I discovered the FreeBSD operating system written by Raymond S. Ericsson, I found that DOS was not so great.

    --
    fat lenny's gonna lick your brain today.

  210. a new strategy by Fishstick · · Score: 1

    to silence speech you disagree with. Once an ISP sets the precedent that they will suspend a user who they determine to be the target of an attack that disrupts the ISP's business, they will repeat this action. Once you learn that the usenet poster you hate is a customer of this ISP, you attack the ISP and leave hints that it is this guy you are after. Minutes later the ISP shuts the guy off to stop you from attacking their network. Sound business practice! :-(

    --

    There is much cruelty in the universe, John.
    Yeah, we seem to have the tour map.

  211. Re:How do the DoS-ers know...? by Fishstick · · Score: 1

    Guess maybe assume the attacks are being launched when the guy shows up on IRC or something, when he doesn't come back anymore, the floods stop?

    --

    There is much cruelty in the universe, John.
    Yeah, we seem to have the tour map.

  212. The path of least resistance by X'nra · · Score: 1

    Seems to me that this is a quick-and-easy fix for the ISP: "Rather than find a way to help our client help (protect) himself (and ourselves), rather than being a good *service*, we'll take the easy way out and just shut-down the client and call it good. "

    It surprises me that more ISPs haven't done this. I figure many, if not most providers have a bandwidth limitation in their TOS that, in this kind of situation, they could pull out at their convenience(sp?).

    --
    the lyf so short, the craft so long to lerne. - Chaucer
  213. whole point of business is to make a profit by DABANSHEE · · Score: 1

    Fact is, the whole point of business is to make a profit for its shareholders, & nothing else. So there's nothing wrong with a company dumping a client, if for some totally unblameless reason, doing business with the company is affecting the bottom line. Why do you think that govt sometimes bring out legislation to inhibit the worse aspects of corporatism? Because to put it simply, where ethics negatively affects the bottom line (sometimes ethics can have a positive effect on the bottom line too, in which case businesses are quite happy to have ethics or try to give the impression they have ethics anyway), occasionally someone may be deemed necessary for a bit of legislation.

  214. I have heard of this, and it stinks ... by srealm · · Score: 1

    I have heard of this before, but mainly with co-location customers. The ISPs try and say 'you are responsible for ALL bandwidth coming TO your server from the internet, not just from', which is just wrong. We all know that 99% of traffic coming to your server you have no control of, and if someone decides to attack your server, then there's nothing you can do but contact the ISP where the attack came from, and call the relevant authority of computer crimes in your state/country. But I've heard of not just suspensions, but account terminations, which is going too far.

    Personally, I would not sign any contract that basically says 'you are responsible for all bandwidth going TO you as well as FROM you', and would sue if someone tried to remove my account or co-located box because of traffic that was totally unsolicited.

    I would also like to hear how the ISPs can hold up this defence in court, they could easily claim traffic FROM you is your jurisdiction, because it's from your system, but hell, I could ping the pentagon if I wanted, does that mean it's the pentagon's fault for being pinged?

    Keeping in mind of course, that most ISPs won't firewall traffic EVEN IF it is requested by the client. I mean, essentially the client is saying 'I don't want responsibility of this traffic, therefore I don't want to receive it at all', and yet the ISP refuses to firewall it, and then has the gall to blame the co-located box owner when they receive traffic that they ASKED TO BE BLOCKED.

    The ISP industry has a lot to answer for.

  215. An ISP MUST rectify this problem quickly by GreenLantern · · Score: 1

    When there is a DOS attack, an ISP must react quickly. Perhaps this was a dedicated account (T1,DSL etc.). The only option for stopping the attack quickly is to shut it down. One would hope that once the dust settles, that the ISP would re-open the account with a different IP address. In short, I don't blame the ISP, there were no other options. It's not at all like kowtowing to a terrorist. The DoS attack is as if the terrorist had already shot the hostage and now remedial action is required for the victim.

  216. Could someone inform me of what a smurf attack is? by Zanth_ · · Score: 1

    Hey there, not to sound too much like a newbie cause I am not, but I have never heard the term smurf attack before... could someone tell me what it is?

  217. Re:How do the DoS-ers know...? by ChiaBen · · Score: 1

    When a new user signs up for dial-up access with my company, I don't automatically assign a static IP. I assume that you understand this. OK, so if someone was doing a DoS attack on a user of mine, it would affect all of my users, and my hosting through whichever IP they are DoS-ing. Therefore I could do what? I've had this happen once, and I ended up reconfiguring my router to disallow an unknown IP from outside. This didn't fix everything, but it significantly reduced the amount of burden on my servers.
    regards,
    Benjamin Carlson

    --
    "If voting could really change things, it would be illegal. " - Revolution Books, NY
  218. How do the DoS-ers know...? by ChiaBen · · Score: 3

    If I terminate an account of my customers, how do the perpetrators know that I've done this? And even if they realize this what reason would they have for stopping? I've just removed the object of their entertainment, so why wouldn't they continue to target me?

    regards,
    Benjamin Carlson

    --
    "If voting could really change things, it would be illegal. " - Revolution Books, NY
  219. Re:It's not illegal... by QuickSilver_999 · · Score: 1

    True, it's annoying. But when their security department refuses to start logging or doing anything at all on their end to help us get to the heart of the problem until they get a subpoena... They get one.

    --
    - No matter how subtle the wizard, a knife between the shoulder blades really cramps his style.
  220. It is not anything like... by B-B · · Score: 2

    "I wonder if they would have thought they could get away with this had it been 'You're black and we don't want the racists to break our windows so we ain't selling you an account.'

    This is not anything like racism. I am not saying I agree with the ISP. But an ISP that bans African Americans is different than one that bans xtian or other fundie groups. The essence of discrimination is not in the judgement of a SOCIAL group...but the pre-judgement of a biological group.

    No one chose to be born black or a woman or indian. Therefore it is wrong to discriminate on that basis. People DO choose to become fundies, skinheads, etc. And there is nothing wrong with refusing service to such groups. I can refuse to serve bloods and crips (as gang members) but can not refuse service to African Americans as a race.

    Tough luck for the site. But standing up for the choices ONE MAKES of their OWN FREE WILL is different than living in a racist society that discriminates against something YOU COULD NOT CHOOSE FOR OR AGAINST.

    I hate these comparisons to racism...think about your analogies before use.

    Tom

    --
    Reality does not happen until you analyze the dots. -Don DeLillo (Underworld)
    1. Re:It is not anything like... by Golias · · Score: 2
      ... the vast majority of people who grow up in heavily fundamentalist families remain fundamentalist; did they 'choose' that?

      Actually, I've always found that the biggest zealots, of any cause, are the converts.

      Most people I know that grew up in strict fundamentalist homes are nice people who live quiet lives, don't give a rat's ass about what you think of them, and don't really behave like the stereotype you might imagine when you hear the word "fundamentalist".

      It's always the former heroin addict who would have died if not for his conversion that carries a big cross around, writes bible verses on his shirt, and shouts at people on school campuses for not having conservative haircuts. Or they go on TV and pretend they can heal people. Or they form "concerned parent" groups that try to stop you from listening to "evil" music.

      As with any cultural minority, the only ones you ever notice are the ones you are least likely to like.

      --

      Information wants to be anthropomorphized.

  221. Re: your name by Odd+Duck · · Score: 1

    Canard a duck?

    Got a problem with that?

  222. THE WORLD IS FULL OF STUPID PEOPLE by aztektum · · Score: 1

    I feel the ISP has the right to boot anyone. After all it's their equipment. They forked over the dough to buy it and maintain it. If they don't want someone messing with it, they have the right to cut the problem off at the root. If they go around chopping off service to people that do nothing but play cyber poker then that would start to reflect bad business practices. If, on the other hand, someone is attacking their system because a user made an, albeit unintentional, comment that pissed someone off, then I see no problem with denying that user. It's their world. Although they should also look into finding the people that did mess with their stuff. This dilemma is going to be around for a long time seeing as how the world is full of people that have nothing better to do than fulfill a self indulgent interest in beating up on others.

    --
    :: aztek ::
    No sig for you!!
  223. Hearsay as a news item? by muldrake · · Score: 1
    Assuming this news story is true, the ISP in question should be exposed, so they can receive the treatment they deserve, which is every script kiddie in the US harassing all their lusers every time they post something.

    However, it's total hearsay, no ISP is cited, no news agency, nothing. How is one to know if this is even true?

    In either case, the user banned, if there even is such a user, should sue for breach of contract, and sue his attackers as well. Presumably at least one of them was stupid enough to use his real IP.

  224. Re:way off topic, so no +1 bonus used... by Golias · · Score: 1
    All pro-choice means is that such folks believe a woman has choice...

    Ah, but the choice we are talking about here is the choice to destroy (at the very least) unique human potential. I don't want to get into a flame-war over this, because I actually have a lot of sympathy with your line of thought, but the semantic game of using "pro-something-nice-sounding" for your side and "anti-" or the same for your opposition is silly.

    As far as I am concerned, those who favor the legal choice of women to abort their unborn children with few or no restrictions are not "pro-choice" or "anti-life", but pro-abortion, because they believe the practice of unrestricted legal abortion should remain as it is.

    Likewise, those on the other side of the fence are not "pro-life" or "anti-choice", but anti-abortion, because they believe laws should be put in place to ban (or drastically reduce) the number of abortions that are legal to perform.

    The one thing I really hate about this debate as it rages in America is that neither side is willing to listen to each other, even for a moment. To the anti-abortionists, it seems obvious that their opponents don't give a damn about the sanctity of human life, and are unconcerned about the fact that the vast majority of abortions are cases of frivolous last-minute birth control by women who have multiple abortions instead of taking wise precautions. To the pro-abortionists, it seems equally obvious, that their opponents are screaming religious fanatics who want women to stay barefoot & pregnant, don't want anyone to have sex for pleasure, and don't give a damn about individual liberty or women dying in back-alley abortions or killing themselves with coat hangers.

    So the discussion becomes pointless. Two groups, thinking they are arguing about the same issue, but are really just trying to shout each other down in order to frame the debate.

    Allow me to summarize the opinion of most of the rest of us:

    1) Abortions are bad, and should not happen very often. Even those of us who do not consider it killing recognize that such a wide-spread practice cheapens human life, which most of us believe should be valued.

    2) Banning all abortions would be draconian and evil, because it would threaten the liberty, and in some cases the lives, of many women.

    3) Some restrictions might be acceptable, as long as the law acknowledges that sometimes this horrible choice is justifiable, and in those situations the decision should be made by individuals (specifically, the pregnant woman in question), not by the government.

    4) The unborn may (or may not) fit our definition of a "person", but just like you might have to shoot somebody who breaks into your house, or a general might have to bomb a bridge that has innocent people on it. The sad reality is that sometimes people are killed, and that does not always make it murder.

    I'm sure the extremists on both sides consider me horribly misguided for holding opinions like this, but it is my sincere belief that, if democracy works at all, we will eventually arrive at a middle ground along these lines, and those shouting from the left and right can only slow us down.

    I hope I didn't ruffle too many feathers, though. I really think we need more calm surrounding the issue.

    (I apologize, to all who are not interested, for following such an off-topic thread. Moderate as you see fit.)

    --

    Information wants to be anthropomorphized.

  225. FUD by Chris+Hind · · Score: 1

    I recently heard a story on a newsgroup about a rumour of an unsubstantiated off-the-record comment that indicates that someone might have had their account terminated for saying that Napster was good.

    I mean, come on. Perhaps we can have a little more journalistic integrity than posting stories from some nameless submittor about some nameless ISP that allegedly (but there's no proof) kicked out some nameless user. Or perhaps you believe these stories.

    --
    nal 11
  226. Thanks - I thought I was missing something by chrome+koran · · Score: 1
    this story is missing all sorts of pertinent info and sounds like a troll if there ever was a troll..

    First, if the ISP was getting hammered, then I assume it's a dial-up because if the user had a static ip, they could just DoS him directly.

    So, if it's a dial-up and his ISP can't stop these people from DoSing them to death, then they deserve whatever they get. It is hard to stop a DoS, but not when the same group of people keep doing it to the same servers day in and day out...the repetition is exactly what makes it traceable.

    Furthermore, as someone else already stated, what good would it do to DoS a dial-up user? As soon as he changes ISPs, you lost him. Hell, he can sign up for a free NetZero account and annoy you from there if he wants. Try DoSing them to death and see how many days you can do it for before they can irrefutably nail you.

    So if it's not a dial-up, then why would they need to cancel his account? Methinks our anonymous submitter has pulled a fast one on /.

    --

    It's not funny till someone gets hurt.
  227. Re:This just gets worse and worse. by DoctorD · · Score: 2
    Let me get this straight; because some religious site had its access pulled by its ISP because the ISP thought that the religious site was the target of a DoS attack, and this seems to many posters like, at very least, a pretty lousy thing to do, then the posters who object to this are all a bunch of "hyperlibertarians support[ing] grossly illegal behavior"? Did I get this right?

    No doubt some of the posters are hyperlibertarians, but what has this got to do with the original question? There was not even the remotest suggestion that the religious site was engaging in any sort of behavior that was in any way illegal. Nor was there any suggestion that the religious site was engaged in activities that might be construed as violating anyone else's rights.

    In this case the ISP closed down free expression of religious views, because some anonymous cowards electronically attacked the ISP for hosting the religious site. Seems like bad business, a horrible precedent, and downright lousy behavior.

    Full disclosure: I am no hyperlibertarian, I'm generally a cybercentrist. Furthermore, personally I find nearly all religious views childish and often find them offensive, Marx and Engels were too easy on religion. But even holding these views, it seems obvious that protecting free expression of religious views is nearly the purest example of the sort of speech that should be protected.

    The essence of free expression on the internet is that we must endure both the hyperlibertarians and the authoritarians. Whether we like it or not, they have the right to express themselves and their debate will be conducted here as it will be elsewhere. We can only hope that neither camp wins, though the pendulum will certainly swing between them.

    Anyway, their free speech is the price I pay for the right to offer up my insights/not.

  228. Re:This is exactly what I do. by yoder · · Score: 1

    The ISP was wrong. People who side with censorship should not be in the position to stop internet access to anyone. The internet is about freedom of expression, and those who would stifle that (both the attackers and the ISP) should be spanked - literally.

    --
    "In a time of universal deceit, telling the truth is a revolutionary act!" -- George Orwell (Eric Arthur Blair)
  229. The user is responsible by Fervent · · Score: 1
    If a user can't mind his own actions, and becomes the "victim" of attacks, he or she is responsible. It is not the ISP's fault that the user decided to go out on a limb and get attacked. They have every right to pull the plug.

    To make another analogy in this series: suppose a gunmaker sells a gun to both a psychopath and someone who wants to protect himself from psychopaths. The psychopath goes and kills 50 people, prompting the police to kill him.

    Shouldn't the gun company have the right to allow background checks, and disallow gun sales to other nuts, so this doesn't happen in the future?

    --

    - I don't care if they globalize against free speech. All my best free thoughts are done in my head.

  230. This just gets worse and worse. by seldolivaw · · Score: 5
    See the Slashdot post I made on this topic earlier this afternoon. Quoted for simplicity:

    It's been said before, but I'm really terrified of the path we are increasingly following. When I read Titan by Stephen Baxter, I thought his future vision of a regulated and partitioned Internet, heavily under the thrall of government censorship, was insane. A free and open Internet is impossible to prevent, I thought. But it's not. All the government has to do is go to some buildings somewhere in the country and take over, and they can cut links to the outside world -- not easily, but they can. They can shut down all but government-sanctioned communication. And if current trends of regulation, censorship and litigation continue, this is what will happen. We will trade a completely free medium for the petty dollars being lost by a few big companies, we will trade the ability to express ourselves for the dubious security of thought police.

    Are we insane? Why are we letting this happen? Every libel case, every time a site is shut down, every time another mouth is hushed we get closer to giving up our freedoms. And we're not doing anything about it. We need to stop these idiocies, we need to convince the lawmakers and the public at large that nothing is worth the abolition of free and unfettered speech. And above all, we need to do it now.

    Otherwise, we'll just keep complaining about our lack of freedom until finally, one day, somebody tells us that we can't.

    1. Re:This just gets worse and worse. by sneakcjj · · Score: 1

      I COMPLETELY agree with you. But is there really anything we can do to stop it? Money talks and the Constitution walks. Canada keeps looking better and better to me...

      We (the US) are governed by politicians who are only concerned with money and another term, not the well being of the people they represent.

      What a way to welcome in D-Day. Every year since 1944, we have been losing more and more freedom. Geez, in the late 40's and 50's the government tried to prosecute people for their political beliefs.

      Pretty soon there will be a disclaimer on our national anthem:

      ...land of the free(*)...and the home of the brave.

      * - Only if you are a rich contributor to a politician or a corp.

      Another glass of TRUTH anyone?

    2. Re:This just gets worse and worse. by Mr_waste_of_space · · Score: 1

      ISPs now added to:

      Banks
      Phone companies
      Insurance companies

      You have to deal with them, but they all suck!

      --
      this sig is a waste of space
  231. Re:Responce by _ganja_ · · Score: 1

    Smurf attacks *should* be a thing of the past for the majority of the internet as these directed broadcasts *should* be filtered on all Internet routers.

    Smurf attacks of course cost bandwidth of the amplifying subnet as well, so if any router admins read this, please filter this traffic.

    On a Cisco, the command:

    no ip directed-broadcast

    Should be applied to every real interface on the router.

    --

    A journey of a thousand miles starts with a brutal anal raping at airport security

  232. Re:Responce by _ganja_ · · Score: 1
    On a Cisco, the command: no ip directed-broadcast

    Should be applied to every real interface on the router.

    Just to qualify this better in case any CCNAs feel like correcting me:

    This will not filter any traffic intended for a downstream host i.e. block traffic to the victim of a smurf attack. It will cause no slow down in routing as it blocks only traffic where the amplifier subnet is locally connected, i.e. it'll only help if the initial directed broadcast packet's target subnet address is connected to the interface with this command applied.

    Not really any use on point to point links but a must for any interface that has a largish subnet attached to it that contains public Internet addresses. For example: CMTS subnets from cable ISPs, virtual dialer interfaces from dial in ISP etc...

    In IOS 12.0 the command is added automatically to the configuration for you but as a lot of ISPs are running older IOS revisions, this is worth mentioning.

    --

    A journey of a thousand miles starts with a brutal anal raping at airport security
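An added example, not part of either post above: a small model of the decision _ganja_ describes, showing which destinations a router drops when directed broadcasts are disabled on an interface and which it still passes. The interface names, subnets (documentation ranges) and the `handle` / `amplifier_candidates` helpers are constructed for illustration.

```python
import ipaddress

# Constructed interface table: name -> (connected subnet, directed broadcast enabled?)
INTERFACES = {
    "Cable0/0":  ("198.51.100.0/24", True),   # large customer subnet, command missing
    "Ethernet1": ("192.0.2.128/25", False),   # "no ip directed-broadcast" applied
    "Serial0/0": ("192.0.2.0/30", True),      # point-to-point link
}

def handle(dst, interfaces):
    """Return (action, interface) for a packet addressed to dst."""
    addr = ipaddress.ip_address(dst)
    for name, (subnet, enabled) in interfaces.items():
        net = ipaddress.ip_network(subnet)
        if addr not in net:
            continue
        if addr == net.broadcast_address:
            # Only here does the interface setting matter: the router is the
            # last hop and would turn the packet into a link-layer broadcast.
            return ("broadcast" if enabled else "drop", name)
        return ("deliver", name)  # ordinary unicast to a host, never filtered
    # Not a connected subnet: the router cannot tell that dst is a broadcast
    # address somewhere downstream, so it routes the packet like any unicast.
    return ("forward", None)

def amplifier_candidates(interfaces, min_hosts=3):
    """Interfaces that would still amplify, largest subnet first."""
    found = []
    for name, (subnet, enabled) in interfaces.items():
        hosts = ipaddress.ip_network(subnet).num_addresses - 2
        if enabled and hosts >= min_hosts:
            found.append((name, hosts))
    return sorted(found, key=lambda item: -item[1])

if __name__ == "__main__":
    for dst in ("198.51.100.255", "192.0.2.255", "192.0.2.200", "203.0.113.255"):
        print(dst, handle(dst, INTERFACES))
    print("still needs the command:", amplifier_candidates(INTERFACES))
```

The point-to-point link is left out of the audit list because its two hosts give almost no amplification, which matches the remark in the post.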

  233. Responce by Legolas-Greenleaf · · Score: 1
    Hmph... assuming this ISP was dialup (or even some DSL like mine), couldn't you just disconnect, reconnect (getting a new IP) and not go to the chat room again?

    Additionally, the ISP should either have the bandwidth to handle a DOS attack like that, or the facilities on their router to block it out. If not, you should definitely consider a better isp.
    -legolas

    i've looked at love from both sides now. from win and lose, and still somehow...

    1. Re:Responce by Legolas-Greenleaf · · Score: 1
      Please elaborate. I get DoS attacks quite often from unknown sources. I survive, the ISP survives. What's the problem?
      -legolas

      i've looked at love from both sides now. from win and lose, and still somehow...

  234. Shortsighted ISPs by umbra.lux · · Score: 1

    This sounds like a shortsighted and panicky response by an ignorant sysad to something they couldn't handle. The existence of an account (or its lack) will have very little effect on most DoS attacks.

    Whatever the ISP's thought process was, there are a few things we as customers can do. We can write/email/call to complain about this type of treatment and, if warranted, boycott the ISP.

    After all, they need to keep customers happy to make a profit. What ISP was it?

    --
    Any doctrine that weakens personal responsibility for judgement or action helps create a climate that welcomes an
  235. A Darn Good Idea. by Halloween+Jack · · Score: 1
    Hey--let's not try to discourage any ISP from cutting their losses when subject to attacks from script kiddies. Why, differently-secure websites and their sysadmins and clients have a right to the dubdubdub too, ya know.

    In fact, I think that these ISPs should make their, ah, discretion into a marketing tool. The public should be able to instantly recognize when a service is willing to cut someone loose when they dare to provide any sort of controversial content of any type--heck, any sort of content at all. (That's why our world is blessed with so many large, benevolent media conglomerates, after all.)

    Now all we need is a logo. I suggest a cheerful cartoon of a barnyard fowl in the process of elimination. Impossible to miss!

    --
    I looked into the abyss, and the abyss looked into me--and we both winked.
  236. And if Greenpeace were attacking Texaco... by OdinsEye · · Score: 1

    Would IBM or whoever contracts their IS and 'Net services terminate because it's too much trouble to deal with the DoS attacks?

  237. haha, ISP's are dumb to these things. by steveargonman · · Score: 1

    I was the victim of a smurf. Instead of taking me out though, they took the ISP out. What did the ISP do? They yelled at me, fortunately it hasn't happened again. However, a little off topic but if you harass someone on IRC and they contact your ISP, pray your ISP admin knows that /ignore is an option, because my ISP (Computer Country in Medford, OR) yanked mine for that reason.

  238. Philosophical View by mizhi · · Score: 1

    Could we consider the internet a test of just how much we truly value freedom of speech and the open discussion of opinions without the urge to attack and suppress them? It kind of gives one pause to wonder, if we as a society truly value the free exchange of ideas... or are they just feel good words? This particular issue doesn't have to do with copyrights, intellectual property, patents, illegal acts... a person put out some opinions... I don't know the nature... I don't care... he was attacked and for that... his ISP kicked him. So it seems to me the same old pattern... "I don't agree with you, so I'll just shut you up instead of discussing with you."

    --
    Humorless sig goes here.
  239. Re:way off topic, so no +1 bonus used... by GeekBird · · Score: 1

    Not a bad redux of the issue. The problem is that extremists never listen to reason, and that what has made the pro-choice people so vehement is the perceived need to counter the draconian, busybody, sanctimonious prattle of the religious "pro-life" fanatics.

    By me, abortion availability is a necessary evil. If I was dictator, I say "Yeah, you can have an abortion, but you must take this 5-year NorPlant implant too, and removing it for anything other than life threatening circumstances (or failure of the device) will bar you from ever getting another abortion...". But I'm not.

    Back on topic, I know of a number of "religious" (but hate filled) sites that I would love to see go away. However, I can't countenance yanking someone's account because some script kiddies objected. On the bright side, they can always get a new ISP, and then host their web site on a different web hosting server (one with a clue!)

    --
    use Sig::Witty;
  240. Cable Modems (Was Re:...the ISPs point of view) by GeekBird · · Score: 1

    Now, before you start moaning about clueless users and cablemodems; if most people get cable modems just to surf the web, they could ask their ISP to put them behind a firewall that blocks most ports, thus avoiding individual configuration responsibility.

    Grrrrr. The ISPs (like @home) that sell cable modem service don't have their users behind a firewall. We have cable, and our limited firewall (on our machines) is constantly logging port scans and attempted inbound traffic to our machine. What's worse is that the @home network is generating some of the port access attempts (NNTP, of all things, to weird ports.)

    The worst part is that they imply that they are secure, and that they won't allow inbound traffic (i.e. unrequested) like telnets, etc. In some ways it's the worst of both worlds for JoeUser. I'm glad I have enough clue to keep casual crap out.

    --
    use Sig::Witty;
  241. It may seem small, but consider the implications. by Tomcow2000 · · Score: 1
    OK, fine. An ISP is under a DoS attack. This attack is targeted at a particular user. They ban the user, saying, in essence, "You haven't done anything wrong, but because some people out there are attacking you and therefore slowing down our lines, we are banning you from our service." This may seem OK to some people, because ISPs simply don't have the resources to track every DoS attack that comes to them. However, think of what could happen:

    Script Kiddie 1: This guy in IRC said he thinks I shouldn't swear so much. I wonder what I can do to him?

    Script Kiddie 2: Hey, I heard that ISPs are banning users because they get DoS attacks! Let's get him!

    This would happen all over, because unfortunately, the proportion of script kiddies to real hackers (in the original sense) is growing rapidly with everyone getting fast connections. Obviously, this situation would be something like anarchy. If a criminal knows his victim more likely than him will get punished, crimes will skyrocket. Let's try to find a solution that makes some sense, such as better logs and security, so distributed DoS attacks can't happen.

    --

    Sleep: A completely inadequate substitute for caffeine.
  242. uhuh by mar1boro · · Score: 1

    Nice hypothetical.
    What ISP?
    What site?
    When did this happen?
    Where did you read this story?
    The courts would bitchslap an ISP for
    such an action, and the media would crucify
    said ISP's reputation (if this was handled correctly.)

    --
    -- "It was as if the paint factories had decided to deal direct with the art galleries." - Thursday Next
    1. Re:uhuh by mar1boro · · Score: 1

      my actual point was that this is a bogus story.
      Yellow Journalism.

      --
      -- "It was as if the paint factories had decided to deal direct with the art galleries." - Thursday Next
    2. Re:uhuh by nitedog · · Score: 1

      actually...no...none of that would happen there is no way a court will even take a charge for looking out for itself. dialups are month to month, and have no such rules protecting them from being cancelled. remember, "we reserve the right to cancel accounts whenever we deem it" that is in our service agreement :) again...if users have a problem with it...go to someone else

  243. Legal / Ethical ... ? by bubbles.utonium · · Score: 1

    I'm certain that this sort of action on the part of the ISP is perfectly legal; they always have provisions in their agreements where they can refuse service to anyone for any reason. Having the user that the attacks are aimed at removed from the system seems to be a sound decision from the ISP's point of view -- they are removing one user who is bringing down the system for many users. Whether this is ethical or not is up to debate.

    I honestly don't think that the user was deleted simply because the company may have disagreed with his/her point of view -- it just makes sense to have one person pissed at you instead of five hundred.

  244. Isnt the DOS problem correctable (mostly) by Marrow · · Score: 1

    I understand that DoS attacks usually use packets with forged source addresses. But, why do ISPs allow such packets out of their own networks? Each ISP MUST know what networks they serve in order to route the incoming packets. Why don't the ISPs simply block packets coming from their network for which they have no route back? Then the source of the offending packets could be determined directly and disabled.
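An added example, not part of the post above: the check Marrow proposes, run over a few constructed outbound packets at an ISP's upstream border. The prefixes (documentation ranges), port names, packet records and helper names are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed prefixes this ISP routes to its own customers.
OWN_PREFIXES = [ipaddress.ip_network(p)
                for p in ("198.51.100.0/24", "203.0.113.0/25")]

# Constructed outbound packets: (customer port, source address, destination)
OUTBOUND = [
    ("dial-17", "198.51.100.23", "192.0.2.10"),   # genuine customer address
    ("dial-04", "10.9.8.7",      "192.0.2.10"),   # private address, no route back
    ("dial-04", "192.0.2.10",    "192.0.2.255"),  # source forged as an outside host
    ("cable-2", "203.0.113.40",  "192.0.2.80"),   # genuine customer address
    ("dial-04", "203.0.113.200", "192.0.2.10"),   # just outside the /25 we serve
]

def has_route_back(src):
    """True if a reply to src would be routed into this ISP's network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in OWN_PREFIXES)

def egress_filter(packets):
    """Split packets into (forwarded, dropped) by source address validity."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if has_route_back(pkt[1]) else dropped).append(pkt)
    return forwarded, dropped

def ports_emitting_spoofed(dropped):
    """Count dropped packets per customer port, worst offender first."""
    return Counter(port for port, _src, _dst in dropped).most_common()

if __name__ == "__main__":
    forwarded, dropped = egress_filter(OUTBOUND)
    print("forwarded:", len(forwarded), "dropped:", len(dropped))
    print("ports to investigate:", ports_emitting_spoofed(dropped))
```

A check at prefix level still passes a source forged from elsewhere inside the ISP's own prefixes; tying each customer port to its assigned address closes that gap.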

  245. Experience Pays by nitedog · · Score: 1

    after reading many of the posts about this subject...i decided to add my 1 cent. I am a senior networking administrator for a small ISP in maryland, and i have a very close relationship to this subject. a user of our service went into an irc channel and provoked people....i do not know what exactly he did...but he ended up attracting attention of packet kiddies. at 2 am i got a page and ran into work to see our bandwidth was just about gone, and when i looked into it, it was indeed an attack. i did much the same thing as the isp in the subject...simply checked who was dialed into the modem pool and using that ip. i then kicked him offline and changed the passwd on his account. Why you may ask? it's immoral....wrong....blah blah blah. As an isp....we exist to provide services, and people that cause unwanted attacks are not welcome to our services. many of you thought that killing a user's account is illegal, and that may be true to a small number of isps....but not mine. removing the user was the best course of action for me and the company. Had that been in the middle of the day...and lasted over 1 hour, clients might have left...important clients..not dialups. i'm sorry if this comes off as rude to people, but that's how the world works. i see way too many kids that cry out that this is foul play...and wrong..but in fact..it's no different than anything else that makes the world go round...just because you pay, that does not mean you WILL be given service. if you are not a wanted customer, you will not be one. then again....there are boatloads of isps out there with more bandwidth....better rules...and better customer guidelines. please look into them, cause if you cause trouble on my isp, that would be taken care of quickly. :D

    1. Re:Experience Pays by nitedog · · Score: 1

      die :P

  246. Re:Incredible lack of common sense by nitedog · · Score: 1

    sigh, another excellent post. I am really amazed at alllll the people that think up allllll these ways to solve the problem, yet not a single one has a clue how isps work. or what a budget is. or how much upstream small isps have to begin with. I cannot really blame them tho, they are simply ignorant as to how the world works.

  247. kill a user to save a network? yep. by redic · · Score: 1

    when the dos attack has ended the user can easily be reactivated.

    corny star trek quote that perfectly states my opinion:
    "the needs of the many outweigh the needs of the few or the one."