[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Code-Red 2 - and IIX




> I don't know enough about the law, but a smart lawyer can sue 
> the ISP's with 
> this total unresponsible behavior of the ISP's - and suing 
> them for loss of 
> bandwidth, and loss of sales (for commercial web sites)...
> 

I know god's going to punish me for this [for publicly defending an
ISP], but since I'm going to hell anyway, I'd like to add my personal
experience of an ISP doing something *right* for a change.

At least one of the ISPs (namely Bezeq International) hired an external
security company to conduct a red-code scan for all their servers in
their hosting farm. You might argue that they should have done this for
all their customers (i.e. F/R, dialup, etc), but I think the fact that
they at least did it for all the servers they host should be applauded. 

What especially made me appreciate their effort is the fact that they
tried to scan the hosting farm themselves, and had problems doing so
(most available 'code red' specific scanners are inaccurate, and other
security scanners are sometimes difficult to use by non-experts) they
therefore decided to pay an external security company that specializes
in this type of services. This is unlike the usual reaction of ISPs who
say "lets do it ourselves to save money", and after they fail miserably
(usually because it's not their area of expertise) their customers are
left with a half-done, unprofessional work. [note: I won't disclose the
name of the security company to refrain from shameless advertising, but
if you want some more information about their vulnerability scanning
services try this: www.AutomatedScanning.com]

I don't know if other ISPs did this sort of thing, but I agree with Hetz
that any ISP that has a hosting farm and did not perform at least a
thorough 'red code' check for their servers is totally irresponsible
(why those hosting ISPs don't conduct *regular* vulnerability scanning
services is beyond my understanding).

On second thought, maybe my priorities are wrong. They should first
offer 24X7 network connection and electricity. After this is established
we can move to more advanced services... [god smiles and upgrades me to
a cooler room in hell]

- Aviram


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il