Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

* Steve Bertrand:

>> Anyway, if you've got a customer account that was
created with a stolen
>> credit card, and you get complaints about activity
on that account from
>> various parties, and you still don't act, this
shows a rather
>> significant level of carelessness.  
>
> Further to carelessness, this may be pushing the
boundary in many places
> of guilt by act of omission.

I'm not familiar with the finer points of the US criminal
code.  I'm
rather skeptical that such a risk actually exists
(Foonet/CSI
notwithstanding).  If people actually cared about
compromises, I would
be more concerned that not handling abuse complaints would
expose ISPs
to liability from their own customers, who would have learnt
earlier
about their compromise if the ISP told them.

Part of the reason why this discussion is somewhat heated is
that
there's zero incentive in most markets to deal with
customer
compromises.  Otherwise, people would just lean back and
think, "yeah,
right, let them try and see how it works for them".

Florian Weimer wrote:

> Part of the reason why this discussion is somewhat
heated is that
> there's zero incentive in most markets to deal with
customer
> compromises.

We have observed that compromised hosts on our network have
a very good 
chance of becoming the targets of DDoS attacks. So my staff
is trained 
to treat each abuse report as a potentially compromised
computer "crying 
out for help" and we've been through enough
multi-gigabit DDoS to know 
what the real pain factor is, and hence don't let them
fester.