ISPs Victimizing DoS Victims?
"I wonder if they would have thought they could get away with this had it been 'You're black and we don't want the racists to break our windows so we ain't selling you an account.'
Where do they think they get off suspending an account just because it is getting unprovoked attacks? They'd do better getting law enforcement in on the act themselves on civil liberties grounds if nothing else, before somebody else calls them for a civil liberties foul. What do you guys think? Has this kinda thing happened to you? To your friends?"
Can your ISP suspend your account after you've been victimized by an unprovoked DoS attack? You should probably make a polite inquiry to find out, and if so, move to another.
Update: 06/07 12:27 by C : Cris Daniluk passed me the following note on the related issue of colocated boxen: "I just thought I'd send this directly to you instead of the traditional postings because I think it's important enough to warrant attention. In a colocated environment, if your server or server array get DoS'd, 95% of the colocation providers will can you the same way this poor guy got canned. The difference is that if your colocated server gets canned it's not as simple as calling the next $19.95/month guy down the street and being online the next day. Food for thought... " Indeed.
This poses a particular problem in an area that lacks competition. Take me, for example. I am a Mediaone subscriber. This happens to be the only high speed 'net access available to me. If Mediaone decided to terminate my account, where would I go for high speed access? Now, if I was on a modem around here, there are hundreds of providers.
So, legally there might not be much I can do. However, I already have a plan for if/when this happens to me - I don't trust Mediaone. They are a bad ISP, and I have had go-arounds with them over their "security" scans on my computer (I later gave up and installed a firewall) up to where they tried to kick me off the network after a 15 minute e-mail notice for posting DeCSS. I later re-established my account there after 2 wks of going back and forth with management and the magic words "restraint of trade" finally got them to reinstate my account after I took out DeCSS. Curiously enough they didn't think any of this was related to DeCSS. So much the better, I guess.. but I digress.
What I plan to do if/when Mediaone pulls the plug: First, contact the better business bureau and file a complaint. Second, contact the public utilities commissioner and file a complaint specifically outlining their monopoly on high speed access combined with their AUP as having an adverse impact on the marketplace, 3) file a complaint with the commerce department in my state, 4) go to the local press if they do something really stupid (like what happened to these poor guys - who didn't do anything). In short, my strategy will be to generate so much bad PR and get so many people calling Mediaone and asking about it that they take the better part of valor and give me my account back. I may not have legal remedies, but that is no reason not to make things difficult for them. In short, there are other options...
People DO choose to become fundies, skinheads, etc. And there is nothing wrong with refusing service to such groups.
Sometimes, though, the 'choice' is a surface myth which doesn't really exist --- the vast majority of people who grow up in heavily fundamentalist families remain fundamentalist; did they 'choose' that? (This isn't a flame, really, but a serious question; the borders of the space defined by the word 'choice' are extremely fuzzy when analyzed philosophically).
I must disagree, though, with the second part of your statement: it is not true that 'there is nothing wrong with refusing service to such groups'; aside from being simply bad economics in most cases (Marriott's refusing to rent to non-married couples, for example, would be economically absurd), there really isn't that much difference between refusing to serve food to a black man and refusing to serve food to a Christian fundamentalist: they are both arbitrary decisions based on characteristics of the person which are *irrelevant to the situation at hand*. The only difference is that race is *almost always* irrelevant, whereas religion is occasionally relevant.
As a co-admin of a shell/webhosting server, I can't see what else they are supposed to do. I have never terminated a user's account because they appear to be the victim of a DoS (most shell users who get DoSed do SOMETHING to deserve it, hell, so do most shell users who DON'T get DoSed), but I have terminated many accounts which were committing DoS attacks.
I have had an entire network downed for over 24 hours because of a DoS, which means the victim loses out, everyone else loses out, and we lose lots of money -- especially when a shell user brings down the webhosting side of things.
Anyway, if the user is being continually DoSed, having an account with the ISP won't do them much good, will it?
As for getting the police involved, well, a smurf is virtually untraceable, the source addresses point back to the (misconfigured) amplifier network, which is totally innocent, and the packets they receive are forged to come from the victim's computer. It's difficult to filter smurfs without breaking things like ping, and if the ISP is paying per Gb, DoSes can be expensive.
The ISP has to pay for the DoS traffic (which could cost more than the customer is paying), and also might lose other customers/potential customers because of the reduced performance.
The customer loses their account (possibly their money, though if the ISP has no proof the victim did anything, I'd expect them to at least refund the remaining subscription), and maybe their e-mail address.
The ISP's AUP/TOC usually allow them to terminate your account for little, if any, reason, and in this case, they have a pretty good reason.
Free speech is great, but should you be sued just because *you* don't want to risk your livelihood/life/whatever to protect it?
--
David Taylor
davidt-sd@xfiles.nildram.spam.co.uk
[To e-mail me: s/\.spam//]
What a great way to promote DoS attacks. User A does something to piss off a script kiddie. Script kiddie launches a DoS attack against User A's ISP. The ISP kicks User A off. The script kiddie congratulates himself on his own success.
And tells his friends.
And soon we see even more DoS attacks.
Just like the worst response to real terrorism is to give in to the terrorists, the worst response to virtual terrorism is to give in to the terrorists.
The cake is a pie
Well, about 3 years ago I was running a MUD at an ISP, and we had one shell account that 3 of us shared. They knew that we were sharing it, but all they said once was "you should get separate accounts" but didn't take any action other than that. (technically it was against their TOS, but it seemed like a loose rule since they acted like it was a suggestion more than a hard and fast rule).
Anyways, one of the guys worked for the government and was logged onto the shell from his work machine. The government computer got hacked into and someone running a packet sniffer got ahold of our account's password. They did some damage to the machine (not sure what) and our account was terminated without any sort of email to my regular email address.
Then I got a call from my credit card company. Someone had tried to charge $3200 to my credit card, and the limit wasn't that high so it was denied. Then they tried $2500 and that was denied. Then they tried $1500 and that went through. They told me that it was out of the city this ISP was in, and it was for "electronic merchandise". They said that it seemed suspicious since most of my purchases were small, so they called me to ask about it.
I told my credit card company that I had an account with this ISP, and that I had used my credit card with them once, to pay the first month's bill. After that we sent a check every month.
I disputed the charges, and never heard anything about it again so I'm assuming that they resolved it. The ISP sent me bills for $3200-$1500 every month until I moved and they lost track of me.
After I got off the phone with the CC company, I called the ISP, and ended up calling the president of the ISP at home (he had a very nice wife but the guy was a dick). He said that they were charging me for the time it took them to fix the machine, billed at $80(something) an hour. They said that I broke the TOS so they were acting like I hacked the machine even though they KNEW that neither I nor my friends did.
Beware. Shit happens, it can happen to you. Some ISPs are just plain dicks. Closing your acct is one thing... trying to bill you $3200 and commit credit card fraud is another.
This problem might be more attackable at the hardware provider level. Get Cisco and the other router makers to set their routers up to automatically include these rules (Possibly with the ability to turn them off) and you'd severely cut back on the number of DOSes. Even some of the newer attacks that involve using thousands of compromised machines use packet forging to obscure the return address. Eliminate packet forging and all of a sudden your attacker is two easy hops from being caught.
The question is, if I'm the victim of a forged packet attack, can I sue Cisco for not setting their routers up to prevent packet forging?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
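As an added illustration (not part of the comment above or of the thread), here is a Python sketch of one form such anti-forgery router rules can take: a packet arriving on a customer-facing port is forwarded only if its source address falls inside a prefix assigned to that port. The port names, prefixes and sample packets are constructed for the example.

```python
import ipaddress
from collections import Counter

# Constructed sample: prefixes assigned to each customer-facing port.
PORT_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-b": [ipaddress.ip_network("192.0.2.128/25"),
               ipaddress.ip_network("2001:db8:b::/48")],
}

def permit(port, src):
    """True if a packet arriving on `port` may legitimately claim source `src`."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source address: drop
    return any(addr.version == net.version and addr in net
               for net in PORT_PREFIXES.get(port, []))

def filter_packets(packets):
    """Split (port, src, dst) tuples into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if permit(pkt[0], pkt[1]) else dropped).append(pkt)
    return forwarded, dropped

def drops_by_port(dropped):
    """Count drops per ingress port: the log that shows where forgeries entered."""
    return dict(Counter(port for port, _, _ in dropped))

# Constructed packets: (ingress port, claimed source, destination).
SAMPLE = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),          # legitimate
    ("cust-a", "198.51.100.7", "203.0.113.255"),      # forged: source outside cust-a's prefix
    ("cust-b", "192.0.2.200", "203.0.113.5"),         # legitimate
    ("cust-b", "192.0.2.10", "203.0.113.5"),          # forged: cust-a's address used on cust-b's port
    ("cust-b", "2001:db8:b::1", "2001:db8:ffff::1"),  # legitimate IPv6
]

if __name__ == "__main__":
    forwarded, dropped = filter_packets(SAMPLE)
    print("forwarded:", len(forwarded))
    print("dropped per port:", drops_by_port(dropped))
```

Because the check runs at the port where the packet enters, the drop counter identifies the customer link a forged packet came from, whatever source address it claimed.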
As a co-admin of a shell/webhosting server, I can't see what else they are supposed to do.
/Duncan
[SNIP]
have had an entire network downed for over 24 hours because of a DoS, which means the victim loses out, everyone else loses out, and we lose lots of money -- especially when a shell user brings down the webhosting side of things.
Come on now, this doesn't make sense. Killing the target won't help during the attack.
During the attack you:
1. Find the source or sources of the DOS
2. Block/Filter this at your guardian routers
3. Communicate with the source ISPs.
4. Other net admin steps I forgot
Killing the account must have come later during the "how do we prevent this from happening again" discussion. Obviously this is a stupid reaction. DOS attacks are something you can't ignore by placing your head in the ground and refusing to believe legitimate people are being attacked.
If you are an ISP it is your responsibility to learn to handle this kind of attack in stride.
Duncan Watson -Rock climbing, Encryption, privacy
PGP Fingerprint -PGP Key on www.keyserver.net
Duncan Watson
If that wasn't in the contract s/he signed when they signed up with that ISP, then I would say (IANAL) that they could sue for damages.
The bigger question though is how many ISPs have something like this in their terms and conditions contract. I'll have to go check my ISP's paperwork to see if it's in my contract for service.
LongTail SSH Brute Force analysis tool is here!
The above post is not a troll. This is a valid opinion, maybe it conflicts with the entire rah-rah-free-speech-screw-big-business-internet-access-is-a-god-given-right mentality of the typical slashdotter but it is not a troll.
His statement is very valid. ISPs run on tight margins and it makes no sense for a business to risk losing several hundreds or thousands of customers simply to satisfy one user.
Whether the ISP even knows why the user is being harassed is unknown and cannot be verified due to the fact that no identifying information was posted but from a financial standpoint the ISP made the best decision they could with the facts they have. Heck, the U.S. government and the combined dollars of Yahoo, eBay, and several others can't catch a bunch of DoSing script kiddies yet people expect a local (or even national) ISP to continually defy them because of 1 user ($20 a month which isn't even all profit)?
Not that I disagree with the basic notion that the internet should remain free, but free speech has never been absolute and unfettered. Libel, copyright violation, broadcasting military secrets, and the like have never been protected. And well that some forms of speech shouldn't be protected. After all, those DoS packets could be considered a form of free speech and we want them silenced!
Every time that hyperlibertarians support grossly illegal behavior, like massive copyright violation, under the mantle of free speech, it gives the authoritarians who want to shut down all unapproved speech more ammunition. Free speech is important, but it shouldn't be used as a cover for violating other peoples' rights.
There's no point in questioning authority if you aren't going to listen to the answers.
So, if my house gets broken into, and my TV gets stolen, the police should take everything else I own, to prevent future thefts?
It's been said before, but I'm really terrified of the path we are increasingly following. When I read Titan by Stephen Baxter, I thought his future vision of a regulated and partitioned Internet, heavily under the thrall of government censorship, was insane. A free and open Internet is impossible to prevent, I thought. But it's not. All the government has to do is go to some buildings somewhere in the country and take over, and they can cut links to the outside world -- not easily, but they can. They can shut down all but government-sanctioned communication. And if current trends of regulation, censorship and litigation continue, this is what will happen. We will trade a completely free medium for the petty dollars being lost by a few big companies, we will trade the ability to express ourselves for the dubious security of thought police.
Are we insane? Why are we letting this happen? Every libel case, every time a site is shut down, every time another mouth is hushed we get closer to giving up our freedoms. And we're not doing anything about it. We need to stop these idiocies, we need to convince the lawmakers and the public at large that nothing is worth the abolition of free and unfettered speech. And above all, we need to do it now.
Otherwise, we'll just keep complaining about our lack of freedom until finally, one day, somebody tells us that we can't.