Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bad Behavior on the 'Net - Who Pays the Bandwidth Bill?

Posted by Cliff on from the stuff-to-talk-about dept.

rakolam asks: "I am involved with network management in the hosting department of a fairly large ISP. Constantly we have customers who dispute inbound bandwidth spikes and demand service credits on their burstable connections. Events such as the Slammer Virus literally have everyone knocking on their salesperson's door at the end of the billing cycle. My position is that the internet is a public space, and by placing themselves in that space, one has to realize the consequences (and the implications of burstable billing). I'd like Slashdot's perspective on this. Should ISP's ultimately eat the costs of malicious behavior? Is the customer ultimately responsible for the bandwidth they've generated, regardless if it's desired or not? Is this a new frontier for insurance companies?"

13 of 595 comments (clear)

  1. analogous to water/electric company IMHO by rdewald · · Score: 5, Insightful

    What happens to you if someone runs an extension cord from your house or if you spring an unknown water leak? You get a huge bill and you fix the problem. How is this different?

    --
    The best way to do is to be.
    1. Re:analogous to water/electric company IMHO by captain_craptacular · · Score: 5, Insightful

      Bad Analogy. The poster says customers dispute INCOMING bandwidth spikes. So the analogy would be more along the lines of someone sending a huge power surge through your lines un-announced and un-requested, then the power company attempting to charge you for it.

      I lean towards the consumer not having to pay, considering they didn't request the traffic and are therefore not resonsible for it.

      --
      They who would give up an essential liberty for temporary security, deserve neither liberty nor security
    2. Re:analogous to water/electric company IMHO by Fishstick · · Score: 5, Insightful

      Yep, I was thinking along the same lines. It's like having a drinking fountain outside your house for public use - you are expecting amybe 10-20 gallons monthly as people stop by and have a quick sip. Then, you get all pissed when your water bill comes and 5,000 gallons show up when the circus comes to town and all the clowns have used your water fountain to fill all their water baloons. :-)

      Do you then go ask for a credit from the utility because of the excessive/unexpected use?

      --

      There is much cruelty in the universe, John.
      Yeah, we seem to have the tour map.

    3. Re:analogous to water/electric company IMHO by luzrek · · Score: 4, Insightful
      build in clauses that say the end-user is required to notify the ISP of problematic access within a certain timeframe

      This would be like dealing with stolen credit cards. When a credit card is stolen the owner gets 24 hours to report it and is only liable for $50. If they wait up to 72 hours, they are only liable for $500. I'm not sure what happens after that. This system protects both the credit card company and the credit card user by insuring prompt reporting of stolen credit cards and fraudulent activity (and can hopefully catch the crook). This system has worked fairly well.

      The implications for ISPs and their customers for a similar system would be pretty interesting. The customers who actively monitor their network traffic and help to head off problems would be rewarded by being less liable for damage, while ISPs would be free to give the full bill to those who ignore their bandwidth usage. This system should lead to lower costs for the better customers and discurage neglegance possibly leading to better service for all.

      --

      Galium Arsenide is the material of the future, and always will be.

    4. Re:analogous to water/electric company IMHO by DanEsparza · · Score: 5, Insightful
      I completely disagree. Bandwidth is analagous to people using roads (network connections). If roads are heavily used, they must be maintained, or they fall into disrepair. If network connections are heavily used, ISP's need capital to get bigger (or more) connections so that certain service levels can be maintained.

      We don't live in an (entirely) communist world. We don't get to pass out resources indiscriminately. We have a fixed amount of resources, and as with any case of supply and demand, the person holding the supply can (and should) charge for using the resource. In the case of network bandwidth, the resource is not obvious, but it is still tangible: It is network equipment and opportunity costs.

    5. Re:analogous to water/electric company IMHO by DunbarTheInept · · Score: 4, Insightful

      Firewalling doesn't solve the problem. By the time the packet reaches the ISP's customer, it's already been counted. Whether the customer replies to the request or denies it with negative feedback, or just ignores it - doesn't matter - it's already been passed through the ISP on the way to reach the customer, so they've already counted it.

      If you hold the customer responsible, then people angry with that person can just drive up that person's cost by choosing to flood him.

      --

      Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.

  2. Users just won't pay by drfuchs · · Score: 5, Insightful

    If someone steals my credit card number, the credit card company won't even charge me the $50 that they have the legal right to. I doubt that ISPs will be able to fare any better.

  3. It's in the contract by eagle486 · · Score: 5, Insightful

    The customer pays what is in his contract. Make the language very explicit. There is no reason the ISP should eat it.

  4. In other words by djKing · · Score: 5, Insightful

    Should /. pay the bill for the /. effect?

    -Peace

    --
    Free as in "the Truth shall set you..."
  5. Balanced response. by gehrehmee · · Score: 5, Insightful

    Give them a complete or partial rebate, the first time, and have a set of "How can I protect myself?" documentation ready for the user. Email it to them, mail it to them, fax it to them, whatever it takes to get them to read it.

    Inform them that if they ignore those suggestions, and future problems end up costing them money, then they'll have to foot the bill.

    This way, the customer walks away happy and informed, and if they're really willing to be a good net citizen, they won't come back crying.

    If they're not willing to do what's required of them, they'll get stuck paying for it.

    --
    "You know, Hobbes, some days even my lucky rocketship underpants don't help" -- Calvin
  6. Re:Simple policy by sweetooth · · Score: 5, Insightful

    Protecting yourself from an attack, such as code red, doesn't mean it doesn't still eat bandwidth. It's the same with anything. I noticed today that my mail server was a little slugish. I sshd into it checked the logs and saw the same bastard attempting to send spam to the server and tons of rbl lookups were taking place. So I added the various ip's to the firewalls blacklist. So now the mail isn't processed, but whatever program they are using doesn't even bother to check to see if the mail is being accepted, it just keeps spamming. So, I'm still having a fairly large percentage of my bandwidth being eaten because of a very inconsiderate individual. Stopping code red was the same. At one point I was logging thousands of attempts every day. They were not successful, but they still ate the bandwidth.

    I don't know what the solution to the problem is exactly. As it stands now I pay for any bandwidth used regardless of how or why it was used. It would be much better if those charges could be passed along to the person responsible for abusing your bandwidth, but how that could be enforced is beyond me.

    One thing I have to note here is that the person posing the question is talking about INBOUND spikes not outbound. So your points are even less relevant.

  7. Bad business by Obiwan+Kenobi · · Score: 4, Insightful

    If you treat your customers like this, you're going to lose them. Simple as that.

    I liked the analogy someone else came up with, such as someone running an extension cord from your house to theirs. Who is responsible here?

    If I had hosting with your company, and the slammer bug hit servers that your sys admins failed to update, then you better eat that burstable bandwidth bill or a lawsuit couldn't be far behind (depending on the amount, of course). If the servers were my responsibility, including keeping them updated, etc, then I could understand your reasoning.

    If a DDoS attack cripples my site, and you expect me to pay for that, you're sorely mistaken.

    The simple fact is if they caused it, they paid for it. This includes patches/fixes the customer should've implemented. If you run and maintain that server for them, then no bill increase should be applied.

    If someone out in the world caused it, a random malicious event that they just so happened to be on the brunt end of, just throw away that burstable bandwidth bill and make sure your customer knows you did them a favor.

    It may not be your place as to pay for that second scenario, but you'll keep your customers longer, keep them happier and keep word of mouth on your company going strong.

    It's just good business. Were this my company, I would never even think of treating customers this way.

  8. proof of malicious intent by ShortSpecialBus · · Score: 4, Insightful

    unfortunately, there would have to be proof of malicious intent, or at LEAST a reasonable knowledge taht linking to the page would cause the business to lose money.
    While /. would have a reasonable knowledge taht linking to the page will cause the page to load slowly, they don't know what sort of connection the page is on, nor is it their responsibility to find out.

    The day anybody becomes liable for linking to a page on the internet will be the end of the world wide web...that's the whole premise of the thing...

    The only thing I can think of is something similar to the robots.txt file...have your webserver have a slashdot.txt file that says something like NoSlashdotLinkage = true in it or something, anything similar to the thing for preventing search engines.

    --
    //FIXME: Bad .sig