8 January 2002: See responses: http://cryptome.org/isp-nofilter2.htm

6 January 2002

Responses welcome; send to jya@pipeline.com

Or subscribe to and send to:

The Cryptography Mailing List

Subscribe by sending "subscribe cryptography" to majordomo@wasabisystems.com


To: cryptography@wasabisystems.com
Date: Sun, 6 Jan 2002 01:04 +0500 (GMT)
From: John Young <jya@pipeline.com>
Subject: On ISPs Not Filtering Viruses

We've also had bad luck in getting our ISP, Verio, to filter viruses. The sysadmins we've discussed it with provide varying explanations why this is not possible. Instead they suggest workarounds to send the known varmints to null or to a phony file name or even a file to collect them and then be emptied periodically.

What is peculiar is that the sysadmins do not tell the same story, instead offer vague explanations when pressed.

When we said we wanted to purchase (rent) new space on alternative machines, we were told that would not solve the problem. That even erasing the disks on our current machine, and reinstalling system programs and our files would offer only momentary relief for the viruses would return. The gist of all tales was that we would have to live with the virus infestation.

However, when we decided in frustration to switch to another type of Verio service, a Verio rep told us to not believe what the sysadmins were saying, that the problem is not technical but administrative. However, he would not provide detail on what the administrative problem is. He promised the new services he was offering would take care of the virus problem.

So we rented two new Verio machines to replace a single one hosting our two sites, and split the archive to fit the two domains. For several weeks we were virus free, and only recently has a virus occasionally hit. And forgot about it until the thread here appeared.

Now, we wonder if there is more to the virus filtering issue than has been disclosed. For example, are ISPs covertly assisting the authorities by not filtering, perhaps under willing or unwilling non-disclosure agreements?

Some months ago we learned that Verio had been approached by British intelligence to yank files from our sites and after discussion with me Verio refused because the files did not violate Verio's use policy. However, I learned during that episode that law enforcement agencies often make requests to the law department of ISPs for cooperation without providing documentation of justification. A decision is made by the ISP legal rep on whether to comply, and that usually is based on the value judgment of the legal rep and familiarity with the LEA contacts and/or procedures.

We learned from a friendly customer rep who happened to agree with our publication of forbidden docs, that ISPs' legal reps keep in touch with each other on how to respond to official requests for assistance, whether to notify the target, whether to comply quietly and what procedures to set up with the technical and customer support staff to deflect complaints and press inquiries, how to keep a lid on past covert assistance, and how to respond to competition which may decide to exploit non-cooperation with authorities lacking court orders or other enforcement.

After hearing this we better understand the possibility that sysadmins and customer support personnel may have a variety of reasons for refusing to filter besides indolence and poor service -- that snooping and snarfing systems may be installed, that a dragnet operation may be underway which covers the territory of your machines though not necessarily targeting you, or you may in fact be a specific target, authorized or unauthorized.

To be sure, inadequate service may be an attempt to get you to upgrade your service contract -- as seems likely in our case with Verio -- or there may be competition within an ISP, particularly if it is a giant like Verio where departments are forced to compete with each other -- again as we have likely experienced with Verio.

We're now on our fourth iteration of Verio services, and would have moved on had Verio not bucked British intelligence and a few lesser attackers when other giants had cooperated, as well as continued to provide stellar services.

Still, we remain thoughtful about when Verio will do the dirty in the face of fearful terrorism or some other business opportunity to attack rather than be attacked.

Coda: No ISP, TLA or virus has ever caused us the increasing problems caused by rampaging bots and siphons, or malicious attackers pretending to be idiot bots and siphons.
