Slashdot Mirror


ISPs Victimizing DoS Victims?

A submitter who requested to be nameless sent this issue in for consideration: "I recently heard of a case where an ISP suffered DoS attacks and determined that they were all aimed at knocking one of their users off the net. This user had done nothing against the AUP of the provider but was being targeted simply because of expressing a religious viewpoint on the net that a few script kiddies found objectionable. That isn't what I'm objecting to per se, leaving aside whether or not I agree with the victim's or the attackers' viewpoint. What prompted me to get the opinions of other Slashdotters is the ISP's response. They suspended the target account 'to protect themselves from further attacks.'" Now that's just plain wrong, and extremely dangerous behavior from an ISP, both from the business and censorship point of view. Updated!

"I wonder if they would have thought they could get away with this had it been 'You're black and we don't want the racists to break our windows so we ain't selling you an account.'

Where do they think they get off suspending an account just because it is getting unprovoked attacks? They'd do better getting law enforcement in on the act themselves on civil liberties grounds if nothing else, before somebody else calls them for a civil liberties foul. What do you guys think? Has this kinda thing happened to you? To your friends?"

Can your ISP suspend your account after you've been victimized by an unprovoked DoS attack? You should probably make a polite inquiry to find out, and if so, move to another.

Update: 06/07 12:27 by C: Cris Daniluk passed me the following note on the related issue of colocated boxen: "I just thought I'd send this directly to you instead of the traditional postings because I think it's important enough to warrant attention. In a colocated environment, if your server or server array gets DoS'd, 95% of the colocation providers will can you the same way this poor guy got canned. The difference is that if your colocated server gets canned it's not as simple as calling the next $19.95/month guy down the street and being online the next day. Food for thought..." Indeed.

5 of 346 comments

  1. Think of this from the ISP's point of view by D. Taylor · · Score: 5

    As a co-admin of a shell/webhosting server, I can't see what else they are supposed to do. I have never terminated a user's account because they appear to be the victim of a DoS (most shell users who get DoSed do SOMETHING to deserve it, hell, so do most shell users who DON'T get DoSed), but I have terminated many accounts which were committing DoS attacks.

    I have had an entire network downed for over 24 hours because of a DoS, which means the victim loses out, everyone else loses out, and we lose lots of money -- especially when a shell user brings down the webhosting side of things.

    Anyway, if the user is being continually DoSed, having an account with the ISP won't do them much good, will it?

    As for getting the police involved, well, a smurf is virtually untraceable, the source addresses point back to the (misconfigured) amplifier network, which is totally innocent, and the packets they receive are forged to come from the victim's computer. It's difficult to filter smurfs without breaking things like ping, and if the ISP is paying per Gb, DoSes can be expensive.

    The ISP has to pay for the DoS traffic (which could cost more than the customer is paying), and also might lose other customers/potential customers because of the reduced performance.

    The customer loses their account (possibly their money, though if the ISP has no proof the victim did anything, I'd expect them to at least refund the remaining subscription), and maybe their e-mail address.

    The ISP's AUP/TOC usually allow them to terminate your account for little, if any, reason, and in this case, they have a pretty good reason.

    Free speech is great, but should you be sued just because *you* don't want to risk your livelihood/life/whatever to protect it?

    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]

  2. *shrug* it happens... by DGregory · · Score: 5

    Well, about 3 years ago I was running a MUD at an ISP, and we had one shell account that 3 of us shared. They knew that we were sharing it, but all they said once was "you should get separate accounts" but didn't take any action other than that. (technically it was against their TOS, but it seemed like a loose rule since they acted like it was a suggestion more than a hard and fast rule).

    Anyways, one of the guys worked for the government and was logged onto the shell from his work machine. The government computer got hacked into and someone running a packet sniffer got ahold of our account's password. They did some damage to the machine (not sure what) and our account was terminated without any sort of email to my regular email address.

    Then I got a call from my credit card company. Someone had tried to charge $3200 to my credit card, and the limit wasn't that high so it was denied. Then they tried $2500 and that was denied. Then they tried $1500 and that went through. They told me that it was out of the city this ISP was in, and it was for "electronic merchandise". They said that it seemed suspicious since most of my purchases were small, so they called me to ask about it.

    I told my credit card company that I had an account with this ISP, and that I had used my credit card with them once, to pay the first month's bill. After that we sent a check every month.

    I disputed the charges, and never heard anything about it again so I'm assuming that they resolved it. The ISP sent me bills for $3200-$1500 every month until I moved and they lost track of me.

    After I got off the phone with the CC company, I called the ISP, and ended up calling the president of the ISP at home (he had a very nice wife but the guy was a dick). He said that they were charging me for the time it took them to fix the machine, billed at $80(something) an hour. They said that I broke the TOS so they were acting like I hacked the machine even though they KNEW that neither I nor my friends did.

    Beware. Shit happens, it can happen to you. Some ISPs are just plain dicks. Closing your acct is one thing... trying to bill you $3200 and commit credit card fraud is another.

  3. Stupid moderators by Carnage4Life · · Score: 5

    The above post is not a troll. This is a valid opinion, maybe it conflicts with the entire rah-rah-free-speech-screw-big-business-internet-access-is-a-god-given-right mentality of the typical slashdotter but it is not a troll.
    His statement is very valid. ISPs run on tight margins and it makes no sense for a business to risk losing several hundreds or thousands of customers simply to satisfy one user.

    Whether the ISP even knows why the user is being harassed is unknown and cannot be verified due to the fact that no identifying information was posted but from a financial standpoint the ISP made the best decision they could with the facts they have. Heck, the U.S. government and the combined dollars of Yahoo, eBay, and several others can't catch a bunch of DoSing script kiddies yet people expect a local (or even national) ISP to continually defy them because of 1 user ($20 a month which isn't even all profit)?


  4. Re:This just gets worse and worse. by rgmoore · · Score: 5
    Are we insane? Why are we letting this happen? Every libel case, every time a site is shut down, every time another mouth is hushed we get closer to giving up our freedoms. And we're not doing anything about it. We need to stop these idiocies, we need to convince the lawmakers and the public at large that nothing is worth the abolition of free and unfettered speech. And above all, we need to do it now.

    Not that I disagree with the basic notion that the internet should remain free, but free speech has never been absolute and unfettered. Libel, copyright violation, broadcasting military secrets, and the like have never been protected. And well that some forms of speech shouldn't be protected. After all, those DoS packets could be considered a form of free speech and we want them silenced!

    Every time that hyperlibertarians support grossly illegal behavior, like massive copyright violation, under the mantle of free speech, it gives the authoritarians who want to shut down all unapproved speech more ammunition. Free speech is important, but it shouldn't be used as a cover for violating other people's rights.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  5. This just gets worse and worse. by seldolivaw · · Score: 5
    See the Slashdot post I made on this topic earlier this afternoon. Quoted for simplicity:

    It's been said before, but I'm really terrified of the path we are increasingly following. When I read Titan by Stephen Baxter, I thought his future vision of a regulated and partitioned Internet, heavily under the thrall of government censorship, was insane. A free and open Internet is impossible to prevent, I thought. But it's not. All the government has to do is go to some buildings somewhere in the country and take over, and they can cut links to the outside world -- not easily, but they can. They can shut down all but government-sanctioned communication. And if current trends of regulation, censorship and litigation continue, this is what will happen. We will trade a completely free medium for the petty dollars being lost by a few big companies, we will trade the ability to express ourselves for the dubious security of thought police.

    Are we insane? Why are we letting this happen? Every libel case, every time a site is shut down, every time another mouth is hushed we get closer to giving up our freedoms. And we're not doing anything about it. We need to stop these idiocies, we need to convince the lawmakers and the public at large that nothing is worth the abolition of free and unfettered speech. And above all, we need to do it now.

    Otherwise, we'll just keep complaining about our lack of freedom until finally, one day, somebody tells us that we can't.