[wplug] Breakin attempts against the nobody account
Chris Ott
cott at acclamation.com
Mon Mar 28 15:19:29 EST 2005
Zachary Uram wrote:
> I read in cases of DoS attacks that often an ISP will still suffer
> overhead on their router/firewall/IDS because the upstream ISP or
> backbone will refuse to apply rules on their router to block the
> attacks. Could someone explain why this is?
Because it's hard to do without worrying about liability. My last
sendmail "access" file from when I was doing my own spam control had
more than 80,000 entries, representing tens of millions of addresses,
from which we did not want to receive email. About once a week, I'd get
an email saying I was blocking someone I shouldn't be. We're a company
with 80 to 90 employees.
> Maybe if they were held
> legally responsible they'd be a bit more proactive in mitigation!
If you're a big ISP, the chances of you blocking legitimate traffic
increase significantly, unless you do your research. Of course, research
costs money. You'll also have deep pockets, making you a much more
attractive target for lawsuits.
Chris
More information about the wplug
mailing list