Censorship

ISPs Victimizing DoS Victims? 346

A submitter who requested to be nameless sent this issue in for consideration: "I recently heard of a case where an ISP suffered DoS attacks and determined that they were all aimed at knocking one of their users off the net. This user had done nothing against the AUP of the provider but was being targeted simply because of expressing a religious viewpoint on the net that a few script kiddies found objectionable. That isn't what I'm objecting to per se, leaving aside whether or not I agree with the victim's or the attackers' viewpoint. What prompted me to get the opinions of other Slashdotters is the ISP's response. They suspended the target account 'to protect themselves from further attacks.'" Now that's just plain wrong, and extremely dangerous behavior from an ISP, both from the business and censorship point of view. Updated!

"I wonder if they would have thought they could get away with this had it been 'You're black and we don't want the racists to break our windows so we ain't selling you an account.'

Where do they think they get off suspending an account just because it is getting unprovoked attacks? They'd do better getting law enforcement in on the act themselves on civil liberties grounds if nothing else, before somebody else calls them for a civil liberties foul. What do you guys think? Has this kinda thing happened to you? To your friends?"

Can your ISP suspend your account after you've been victimized by an unprovoked DoS attack? You should probably make a polite inquiry to find out, and if so, move to another.

Update: 06/07 12:27 by C : Cris Daniluk passed me the following note on the related issue of colocated boxen: "I just thought I'd send this directly to you instead of the traditional postings because I think it's important enough to warrant attention. In a colocated environment, if your server or server array gets DoS'd, 95% of the colocation providers will can you the same way this poor guy got canned. The difference is that if your colocated server gets canned it's not as simple as calling the next $19.95/month guy down the street and being online the next day. Food for thought... " Indeed.

This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward
    I work for an ISP, and I can tell you that almost every ISP's Terms of Service will include a phrase somewhere that says they can disconnect/terminate/remove any account for any reason. The ISP does not kill the account for censorship, but rather to protect themselves against the attacks. I think an ISP has an obligation to the rest of its customers. An ISP is not a public service, and is not bound by the same rules as public transportation. They can allow or deny service to anyone for any reason. (This is speaking for the United States, btw). Basically though, I doubt many Service Agreements say "we can't cut off your account for reasons other than this and this", etc.

    Posted Anonymously to protect myself and employer, so respect the comment.

  • by Anonymous Coward
    You'll find that most ISPs reserve the right within the service agreement or AUP, to suspend or revoke a user's service at any time without notice.

    Example from a well known local ISP:
    5. At our discretion, -XXX- may revoke your account at any time. Unused
    credit or payments will be refunded on a pro-rated basis. If it is
    determined that you are participating in illegal activity, -XXX- may
    notify the proper law-enforcement authorities.

  • by Anonymous Coward
    WTF?

    A submitter who requested to be nameless sent this issue in for consideration: "I recently heard of a case where an ISP suffered DoS attacks and determined that they were all aimed at knocking one of their users off the net.

    So, a nameless individual submitted a story he heard about somewhere, and of course /. posts it because it's guaranteed to boost viewership and therefore ad revenue.

    At least when emmett posted the thing about LinuxCare layoffs [slashdot.org] he had the decency to make some kind of effort to verify the story. Shouldn't every /. editor at least try and do the same? (And please, don't tell me they're too busy; if they're too busy to verify sources then I demand the word "news" be removed from their tagline.)

  • by Anonymous Coward
    Last year, I worked for a small ISP as system administrator. This isn't the first ISP I have worked for that has a policy like this either. The owner's policy on DoS attacks was this: If it happens once, kick user offline and ignore it. If it happens more than once, read user's mail, sniff user's traffic, report all the user's information and logs of their activities to the local FBI morons (without their consent or knowledge). There was no mention of them doing this anywhere in the terms of service agreement.
  • by Anonymous Coward
    The essence of discrimination is not in the judgement of a SOCIAL group...but the pre-judgement of a biological group.

    Well...it's not the judgement of a social group that is the problem....it's the prejudgement of a social group that you seem to be giving the ok to. (To me that doesn't sound a whole lot better than any other kind of discrimination.) Because a person is of some faith or belief doesn't mean they should be branded. They are still an individual within that organization. Not all religious people are out to crusade the world over, basically. The ones who are, however, probably should be subject to some judgement...especially depending on their methods. There are plenty of nuts out there...I wouldn't even try to argue otherwise.

    Beyond that...some lines would need to be drawn to be even realistic. Would you prevent a member of a social affiliation from putting his resume online for a line of work that has nothing to do with his faith? (especially if he is *gasp*, good at it?) Because you don't agree with some social affiliation he has? I am not going to delve into that issue at the moment, but that sounds a little Nazi-ish in and of itself.
  • Cliff, what you fail to notice is that the ISP is the real DoS victim. The bottom line is that denials of service cost ISPs money, in both financial resources (bandwidth) and manpower (support).

    It's not fair to a customer that's a victim for an ISP to have to deny them service, but it's also not fair to the hundreds or thousands of other customers on that ISP's network that aren't victims to have to be denied service because of one person.

  • When you have to pay $2500+ per month in bandwidth charges for traffic to a $50 per month customer, the numbers pretty much speak for themselves.
  • If you are checking to see if your web server is running, just do:
    telnet [server] 80

    Sure, that can tell you if your web server is up, but if it is down, it can't tell you much about why. Ping is handy because it is so dead-simple that it removes most issues of program error and application error and lets you test the network connection at a fairly low level. If port 80 is not responding, but Ping is, then you know not to waste your time looking at the network itself (except maybe the firewall). You know it's the web server software that isn't working.

  • by Phaid ( 938 ) on Monday June 05, 2000 @09:01AM (#1024439) Homepage
    As to the question of "can they...", that likely depends on your Terms Of Service agreement. A lot of these things are seriously restrictive, and they almost always place the burden on you the consumer. For all we know, if you get DOSd they can accuse you of "running a server" and knock out your account for that reason. The "acceptable use" policies are usually drawn in very broad language and they can cancel your account for just about anything they don't like that gets their attention. This is yet another reason to make sure and read the fine print before you start handing out that shiny new email address...
  • There was no URL to a news source in this story - just a "I heard this story". How do we know this even happened? Does anyone have more direct info on the case?

    offtopic - I must be blind, but I couldn't find a way to post at the top level of the thread....
  • by Timmy ( 969 )
    Duh...
    Guaranteed way to spot what you're looking for - ask where it is. I found it.
  • A smurf attack is a spoofed ping to a broadcast address. Suppose I want to attack example.com at address 10.0.0.1. I would find a poorly configured network somewhere that will actually respond to a ping to the broadcast address from the outside world (say 10.12.0.0). I send out pings claiming to be from 10.0.0.1 to 10.12.255.255. Now, every machine on the 10.12 net (the smurf amplifier) will send ping replies to your machine and flood it.

    If all routers were properly configured to reject outgoing spoofed packets and to reject incoming broadcast pings, the smurf attack wouldn't work.
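
The two router-side checks named in the comment above (rejecting outgoing spoofed packets, rejecting incoming broadcast pings), written out as filter logic. This is an added example, not part of the original thread; the `Packet` type, the function names and the sender network 192.0.2.0/24 are assumptions, and the other addresses are the ones the comment uses.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str    # source address as written in the IP header (may be forged)
    dst: str
    proto: str  # e.g. "icmp-echo-request", "icmp-echo-reply", "tcp"


def nets(*cidrs):
    """Parse CIDR strings into network objects."""
    return [ipaddress.ip_network(c) for c in cidrs]


def egress_allowed(pkt, local_prefixes):
    """Outbound check at the sending network's border router.

    A packet may leave only if its source address belongs to a prefix
    that really sits behind this router. A forged source fails here.
    """
    src = ipaddress.ip_address(pkt.src)
    return any(src in net for net in local_prefixes)


def is_directed_broadcast(dst, local_subnets):
    """True if dst is the broadcast (or all-zeros) address of a local subnet."""
    addr = ipaddress.ip_address(dst)
    for net in local_subnets:
        # /31 and /32 have no broadcast address; skip them so that
        # point-to-point links and host routes are not misclassified.
        if net.prefixlen >= net.max_prefixlen - 1:
            continue
        if addr in (net.broadcast_address, net.network_address):
            return True
    return False


def ingress_allowed(pkt, local_subnets):
    """Inbound check at the receiving network's border router.

    Echo requests arriving from outside for a subnet broadcast address
    are dropped, so the subnet cannot act as an amplifier.
    """
    if pkt.proto == "icmp-echo-request" and is_directed_broadcast(pkt.dst, local_subnets):
        return False
    return True


def trace(pkt, sender_prefixes, receiver_subnets):
    """Follow one packet past both routers.

    Passing None for a side models a router with that check not configured.
    """
    if sender_prefixes is not None and not egress_allowed(pkt, sender_prefixes):
        return "dropped at sender egress"
    if receiver_subnets is not None and not ingress_allowed(pkt, receiver_subnets):
        return "dropped at receiver ingress"
    return "delivered"


# Constructed sample data. 192.0.2.0/24 is a documentation prefix standing in
# for the network the forged pings are sent from (assumption); 10.0.0.1 and
# 10.12.0.0/16 are the addresses used in the comment.
SENDER_NET = nets("192.0.2.0/24")
AMPLIFIER_NET = nets("10.12.0.0/16")

SPOOFED_PING = Packet("10.0.0.1", "10.12.255.255", "icmp-echo-request")
HONEST_PING = Packet("192.0.2.10", "10.12.0.5", "icmp-echo-request")
HONEST_BROADCAST_PING = Packet("192.0.2.10", "10.12.255.255", "icmp-echo-request")

if __name__ == "__main__":
    cases = [
        ("both checks configured", SENDER_NET, AMPLIFIER_NET),
        ("egress check only", SENDER_NET, None),
        ("ingress check only", None, AMPLIFIER_NET),
        ("neither configured", None, None),
    ]
    for label, sender, receiver in cases:
        print(f"{label:24s} spoofed ping: {trace(SPOOFED_PING, sender, receiver)}")
    print("ordinary ping:", trace(HONEST_PING, SENDER_NET, AMPLIFIER_NET))
```

Either check on its own stops the forged broadcast ping; it is delivered only when neither router applies its filter.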

  • I was head sysadmin for an ISP [cinternet.net] for about 2 years. During that time, we had a handful of DoS's. One was against a co-loc. Two were against our shell boxes. One was against a user's dialup. In the latter 3 cases, I did drop the accounts. I did so not out of censorship or whatever else you want to say against this ISP. I did it because this person had brought about an attack that totally prevented us from carrying out our business. These DoS's annihilated both our T1's, and even made a dent in the multiple-T3 bandwidth of our upstream provider, for several hours during peak times. That's several hours of a few hundred people not being able to use the Internet connections they are paying for. DoS's are not unprovoked; they are partially the victim's fault (at least I have yet to find an instance where it isn't).

    If a user is somehow adversely affecting the way the network runs, especially if it's interfering with other customers' use of the network, then the admin has the right to pull the plug on the user. It's no different than setting quotas on disk use so people can't fill up an entire hard drive, disabling a slashdotted site that is dragging a webserver to its knees, cutting off the shell account of a user who won't quit screwing up the shell server, or k-lining someone's IP address. When you have a few hundred people under your administrative responsibility, the good of the many outweighs the good of the few.
  • by Masem ( 1171 ) on Monday June 05, 2000 @08:57AM (#1024444)
    First, always check whatever paperwork that you signed with the ISP to see if they are in their right to do this; if so, you may want to find a new ISP, as this is rather draconian in approach.

    Secondly, the solution that the ISP took is not fully spelled out; I can understand for a short time removing access to the victim's site to get the DOS attacks to die down and free up congestion on their network. But they should reinstate the person's access after they have been able to locate the IPs used to DOS the victim and block them before entering the ISP's pipe. Sure, it might take some work, but if a script kiddie goes after one user's site, what's there to stop them from going after another site under that ISP? A malevolent script kiddie could theoretically close off all user accounts at this ISP with only a small amount of work. ISPs that aren't prepared to deal with such should not be in business and customers should know this.

  • Could someone please post where I can find out more details about this story? (This sounds a lot like an urban legend.) Before I spout off my opinions, I'd like to be a little better informed on the details. Thanks.

    -Derek
  • As for getting the police involved, well, a smurf is virtually untraceable, the source address points back to the (misconfigured) amplifier network, which is totally innocent, and the packets they receive are forged to come from the victim's computer.

    I don't agree.

    The "innocent" amplifier network needs to be configured correctly; you said it yourself when you said it was misconfigured.

    I'm the technical admin for a smallish (600-user) ISP and while I've never had to deal with this particular problem, I don't think I'd block the user. I'd probably find out what it was they were doing that was so terribly offensive and maybe ask them to stop, but beyond that I have to quote Sig11: "I don't have a solution, but I admire the problem."

  • I wasn't the first one to throw up the attitude. If you'd care to have read his comment, he was the one who suggested that only the "better" ISPs have either the bandwidth available to handle a flood or the ballsy routers capable of blocking it. I merely responded to his tone.

    No, two wrongs don't make a right. But three lefts do and sometimes I don't feel like being the patron saint of patience and grace. I'm not always an asshole, but that doesn't mean I can't be one on occasion.

  • Dealing with Dumb ISP Admins is a losing battle from the beginning. I work at a company that provides Email and domain hosting, and we deal with ISPs that relay spam, flood our DNS and generally are misconfigured. When you contact about half of them, they don't care.

    I know it won't help with flooding, but why not disable all access to your network from theirs if "talks break down"? It's not a perfect solution (the perfect solution would be to somehow convince their upline to shut their pipe off until they fix the problems) but it would prevent them from spamming and abusing your services.

  • by tzanger ( 1575 ) on Monday June 05, 2000 @09:29AM (#1024449) Homepage

    Additionally, the ISP should either have the bandwidth to handle a DOS attack like that, or the facilities on their router to block it out. If not, you should definitely consider a better ISP.

    Obviously you don't know a whole lot about this.

    You can't block smurf attacks at your router. Once the shitstorm hits the pipe it's yours to deal with. If you don't have the bandwidth to handle the smurf traffic, your normal traffic will get bumped in the fray.

    Secondly bandwidth is expensive. One of our POPs has a 10mbit link in place to handle 96 dialup customers. Lessee here, 10486kb/s divided into 96*56kbps, or almost 2x the bandwidth we would theoretically require to serve every user if they achieved a true 56000bps connection.

    Now along comes Joe Skript Kiddie and his smurf amplification network. Collectively they strike, delivering... oh let's say four good-sized T3 networks' worth of bandwidth to the far end of my 10mbit pipe. There isn't a hope in hell that I'd survive that, even at a 1:2 overcommit (really a 2:1 UNDERcommit). And my bandwidth ratios are pretty decent. Most high speed networks run at a 50:1 or even 100:1 overcommit because bandwidth costs so much.

    The solution is to have the smurf traffic blocked BEFORE it hits your upstream pipe, since that way it never gets to clog the connection. Good luck getting your upstream to do that, since it is quite computationally intensive to analyze every packet in the core networks and make intelligent routing decisions. So typically it isn't done.

    So much for your fairy-tale concept of how networking works. Perhaps you better go find yourself an ISP with a good VC backing and a 1:1000 overcommit. At least when you don't have to worry about making money you can lose money on every user, along the lines of what amazon.com does.

  • I've heard of ISPs doing this for years. When I worked for one, I heard of people yelling at users for being victims of DoS attacks all the time. Something to do with "if you didn't provoke them, this wouldn't happen." I don't remember any specific cases of accounts getting suspended in my particular company, but I always assumed it wasn't far off. I remember a few cases of this sort of thing from AOL, and a couple from various ISPs around the US.

    If this is what I've heard directly from victims, I'm sure this ordeal has been fairly widespread.
  • I remember reading this a while back but I didn't think it was that long ago...

    News.com: Basque site shut down [cnet.com]

    The date? July 18, 1997

    Doing a search for "basque" on news.com turns up a bunch of related stories (if you want the backstory).

  • No, we have laws that limit our freedoms. In the U.S. we have a freedom of speech. The government cannot restrict a person's right to speech (not including yelling "Fire!" in a crowded movie theater). But a private company should have the right to discriminate. As bad as that sounds, they should have that right. I'll repeat what I said earlier, U.S. citizens have the right to be stupid.

    BTW: Freedom of speech does not mean we should force anyone to listen.
  • Look, censorship is only something the government can be accused of. Private companies are free to censor whomever they want to. If you don't like it, go use a different ISP. That's the basis of free market.

    The reason the government can't censor people is that we can't just "go to a different government" if we are unhappy with its service.

    I don't like the ISP's reaction at all. But it is their right to do it. In the U.S., we have the right to be stupid.
  • The ISP shouldn't have any right to do this. I know all too well what this guy is going through. It's the classic example of the nerd who gets beaten up by a gang of bullies at school, but the school only suspends the nerd.

    But there are a few things about this case that I don't understand. First, how did the ISP know to whom these attacks were targeted? Second, how did they ascertain why the attacks were taking place, and how did they figure this out (particularly after knowing who the target was) without also getting at least some idea of who was carrying out the attack?

    I don't know. Something sounds fishy about this. Don't get me wrong; the ISP was wrong to suspend the account and the people who carried out the DoS should go to jail, but I think there's more to this than we know here (a link would have been quite helpful).

    Think about it. Sane people don't tend to attack others for no reason at all. Sometimes, such as with racists (if they could be called "sane," that is), the reason is imagined rather than real, and it's a damn poor excuse for a reason, but it's a reason nonetheless. If these DoS'ers were simply attacking this guy for a religious site, I'd imagine we'd see a rash of DoS attacks on sites of that religion (again, information as to the religion in question would have been really helpful here). That doesn't seem to have been occurring. Something must have passed between the target and the attackers beforehand. Whether or not the target deliberately provoked the attackers I don't know. But something had to have happened over the course of this dialogue that made the attackers decide to carry out a DoS. Is that the target's fault? Perhaps, but it's not likely. All of this would have been so much easier if the original poster had provided more information, or any kind of link to more info on the case.
  • Well, having had to deal with this more times than I care to recall, let me share with you some of my thoughts on it.

    First off, before everyone gets indignant, I have very rarely seen an 'unprovoked' DoS attack. More often, you have a skript kiddie of your own attempting a channel takeover of some other skript kiddie. At that point, the two escalate hostilities until someone brings out the BFGs... smurf, TFN, whatever. If your kiddie does it first, you get to save your logs for when the FBI comes with a subpoena. If he isn't as quick on the draw, you wait for the other kiddie to get bored before you can get your business back online. Either outcome sucks.

    The first thing I do when I see a DoS is I take out whatever their target is. It's gonna get killed anyway, might as well hurry up the process. If it's a colo, their ethernet goes. If it's an eggie, it dies. If it's a dialup... well, it's already offline. I disable the account.

    Second stage is to determine _WHY_ the attack happened. I generally don't bother calling the kiddie in question because they always lie about what they were doing, when a quick glance at their eggdrop tells you what hostilities were involved. This usually involves lurking on IRC. I have yet to deal with a non-IRC related DoS.

    Now, occasionally you have a legitimate user with a legitimate bot running their own channel. They get nuked/DoSed, etc as part of the takeover. In which case you re-enable their account and say 'sorry'. That's perhaps 5% of the time.

    As for 'differing religious viewpoints' that translates in English to 'Trolling for jesus in #foo' where foo generally is a gay pride group. They're wrong, but your client was rude. He (it's always he) needs some cool-off time.

    Finally, I'd like to point out that it's a balancing act. You've got to balance the serious stretch of 'free speech' of one user versus the legitimate, responsible right to free speech the rest of your users need to have. A DoS doesn't just silence one person, it silences everyone in the area. Is it right to silence one? No. Is it less wrong to uphold the rights of the (responsible) majority? Yes.

    --Dan

  • "The internet treats censorship as damage and routes around it" is actually just the law of competition, recast. The internet isn't a thing, it's the concretization of a set of ideas (protocols). The protocols compete on the basis of usefulness, constantly jostling for developer and user mindshare. Any censorship, partitioning, line-cutting, whatever will just reduce usefulness and push a freer protocol up ahead.

    Nowadays the internet and globalization are applying market forces to legal systems. Business will move to follow the money, people to follow freedom, developers to follow technological momentum. Over the next few decades, you'll observe this forcing all the major governments kicking and screaming into a much more libertarian position, and you'll see the unfree remainder becoming more and more third world. Eventually, they'll come cap in hand to the IMF or whoever, and be told that the price of rescue is to strip their laws back to "no force, no fraud".

    Or in other words: "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers."
  • Can we have some specifics? This has a touch of the friend-of-a-friend urban legend to it. I would like to verify that this actually happened before I get all in a twist about it.
  • by Signal 11 ( 7608 ) on Monday June 05, 2000 @09:15AM (#1024473)
    Currently, most every AUP has a clause that says it can terminate your account for any reason, or no reason. Usually for legal reasons you are entitled to the unused portion of your account in the form of a refund, but that is the extent of your remedy.

    This poses a particular problem in an area that lacks competition. Take me, for example. I am a Mediaone subscriber. This happens to be the only high speed 'net access available to me. If Mediaone decided to terminate my account, where would I go for high speed access? Now, if I was on a modem around here, there are hundreds of providers.

    So, legally there might not be much I can do. However, I already have a plan for if/when this happens to me - I don't trust Mediaone. They are a bad ISP, and I have had go-arounds with them over their "security" scans on my computer (I later gave up and installed a firewall) up to where they tried to kick me off the network after a 15 minute e-mail notice for posting DeCSS. I later re-established my account there after 2 wks of going back and forth with management and the magic words "restraint of trade" finally got them to reinstate my account after I took out DeCSS. Curiously enough they didn't think any of this [mediaone.net] was related to DeCSS. So much the better, I guess.. but I digress.

    What I plan to do if/when Mediaone pulls the plug: First, contact the better business bureau and file a complaint. Second, contact the public utilities commissioner and file a complaint specifically outlining their monopoly on high speed access combined with their AUP as having an adverse impact on the marketplace, 3) file a complaint with the commerce department in my state, 4) go to the local press if they do something really stupid (like what happened to these poor guys - who didn't do anything). In short, my strategy will be to generate so much bad PR and get so many people calling mediaone and asking about it that they take the better part of valor and give me my account back. I may not have legal remedies, but that is no reason not to make things difficult for them. In short, there are other options...

  • by Detritus ( 11846 ) on Monday June 05, 2000 @09:10AM (#1024479) Homepage
    With the Internet rapidly changing into an integral part of our society, we should consider regulating ISPs as common carriers, esp. DSL and cable modem ISPs, who have little or no competition. A common carrier can't refuse or terminate service at will. They must have a legally valid reason, such as not paying your bill. They can't terminate you because you have controversial views or are a pain in the ass to deal with.
  • Comment removed based on user account deletion
  • Well, who's really worse, the ISP for wanting some of its bandwidth back in order to protect its other customers, or the fscking script kiddies?

    It's a lose-lose situation. The internet looks more and more like the real world, where stupid people do selfish, evil bullshi+ in order to force their target into submission.

    Life is too short, folks. If you are a script-kiddie, get a clue and stop fscking with my time. If any of you could please try to explain why the fsck revenge and bullshi+ attacks are so important to ya'll, I'm all ears.
  • That's an extremely short-sighted view.

    First, calculate the income from all the accounts you close, times the duration of each account. (In other words, for a $20/mo account, you lose $240 per year. If you cancel only one account a month, you'll lose $2880 over the next year. Each year, your losses increase (i.e. in 2003, you lose the income from the accounts you closed in 2000, 2001, 2002, as well as the accounts you close in 2003).)

    This probably scales with the size of the ISP: a small ISP may close 12 accounts a year. A larger ISP may close 50. The losses add up rapidly, even if you forget goodwill and reputation.

    Meanwhile, by not implementing proper anti-DoS measures, the entire ISP is wide open. This can cost you a big chunk of your total business. Prudence demands proper anti-DoS measures to protect the ISP (and incidentally, the users)

    *THAT* is the bottom line for ISPs today

    An ISP whose head isn't in the sand will also realize that they are actively contributing to the growth of DoS, and their losses will mount exponentially.

    Quite a price for not doing proper sysadmin!
  • Have you ever dealt with a poorly run/don't care ISP? (I know you have, you work at an ISP, but it's a rhetorical question.)

    Dealing with Dumb ISP Admins is a losing battle from the beginning. I work at a company that provides Email and domain hosting, and we deal with ISPs that relay spam, flood our DNS and generally are misconfigured. When you contact about half of them, they don't care.

    I hate to say it, but deleting an account to keep from dealing with a problem that causes us to lose business is the way to go. Ya, I know, it sucks, but dealing with other stupid admins at other ISPs in tracking down problems is not worth the business of one domain.
  • First, cancelling the account of the victim probably won't shut down the DoS attack, at least not for quite a while. The attacker has to notice that his target's not there anymore before he'll stop.

    Second, regarding the nudist-in-WalMart analogy. The nudist might be removed, but he will be removed for his disruption of business. Cancelling a DoS victim's account is more akin to throwing out other people in the store because the nudist might make them gawk and that might disrupt business. Which just plain doesn't make sense.

    You might want to think about the consequences if it becomes acceptable to terminate your service because someone else has taken an irrational dislike to you and decided to attack you.

  • I can see how morally, there is some weird stuff going on here.. and we would all hope that the ISP would try to..
    But, like most business, they probably reserve the right to refuse service to anyone for any reason.
    This is not 'censorship'. This is not 'discrimination'. It kind of sucks.. but...
    Why should a business (that operates on slim margins as it is) jeopardize its entire business and everyone's job (not to mention internet access for thousands of people) when removing one person can solve the problem?

  • Actually, I've always found that the biggest zealots, of any cause, are the converts.

    This is actually a well-known precept in academic sociology and political science; I wish I could cite something, but it's been a number of years since school, so my memory of that level of specific is shot ...

    As with any cultural minority, the only ones you ever notice are the ones you are least likely to like

    Sort of says bad things about multiculturalism, doesn't it --- if the only members of "them" that you notice are the ones that are on the fringe, and doing things that irritate you, but you assume that those people are representative, there's never going to be a useful dialogue ...

    There's an interesting series being run by the NYT right now about race relations (first article was about an integrated pentecostal church, and the second was about how race in miami is different than race in havana) which touches on this issue ...
  • by aphrael ( 20058 ) on Monday June 05, 2000 @10:10AM (#1024508) Homepage
    People DO choose to become fundies, skinheads, etc. And there is nothing wrong with refusing service to such groups.

    Sometimes, though, the 'choice' is a surface myth which doesn't really exist --- the vast majority of people who grow up in heavily fundamentalist families remain fundamentalist; did they 'choose' that? (This isn't a flame, really, but a serious question; the borders of the space defined by the word 'choice' are extremely fuzzy when analyzed philosophically).

    I must disagree, though, with the second part of your statement: it is not true that 'there is nothing wrong with refusing service to such groups'; aside from being simply bad economics in most cases (Marriott's refusing to rent to non-married couples, for example, would be economically absurd), there really isn't that much difference between refusing to serve food to a black man and refusing to serve food to a Christian fundamentalist: they are both arbitrary decisions based on characteristics of the person which are *irrelevant to the situation at hand*. The only difference is that race is *almost always* irrelevant, whereas religion is occasionally relevant.
  • I have some big problems with your post.

    You are trying to draw a line by saying that you should not be allowed to discriminate based on what someone couldn't choose (like their race) but should be allowed to discriminate based on something they could (like their religion).

    But what you have forgotten is that on-line, no one can tell anything about you unless you say so. So it is your free will, if you say you are black, or if you say you are a Jew, or whatever.

    Obviously, I think that there is no difference - people should be protected from discrimination either way.

    What if you are black in America, and you make some postings about being black in America. Then a bunch of skinheads DOS'es you. And then your ISP terminates you to protect themselves.

    Don't you see that's almost the same as what happened here? I guess then you will say: "Well, the black guy made those postings of HIS OWN FREE WILL, so tough luck for him getting DOS'ed, and tough luck for him losing his account. There's nothing wrong with that..."

    By your argument, it would be ok for ISP's to deny service to anyone who says online that they are black, or Jewish, or gay, or whatever, because it is their own free will to say so or not.

    Wake up! Stand up for people's rights, or there will be nobody left to stand up for you when your turn comes.


    Torrey Hoffman (Azog)
  • by ConceptJunkie ( 24823 ) on Monday June 05, 2000 @08:55AM (#1024514) Homepage Journal
    Well, for one thing, you are telling the script kiddies that if they attack a site, they can get it removed. I bet those folks are setting their sights on more sites, since their first attack was successful.

    This was incredibly cowardly on the ISP's part and they deserve to lose the business of others who realize what they have done. Meanwhile, I would suspect that the owners of the site could bring a suit based on the fact that they were shut down based (indirectly, but definitely) on their exercise of protected free speech.

    In any event, the ISP has shown their colors and if I were a script kiddie, I'd be targeting their other sites, because if they caved once, they'll cave again.

    Rick

  • As much as I agree with the general tone of this story, I don't think that the analogy used fairly represents the situation:
    "I wonder if they would have thought they could get away with this had it been 'You're black and we don't want the racists to break our windows so we ain't selling you an account.'"
    That sounds pretty good and even evokes strong emotion. But my insurance company recently told me, "You are a dangerous person and create too high of a risk of financial loss to make it worthwhile for us to continue to provide our insurance service to you. Screw you, potential loss!"

    I can't blame them. Given my past history of costing them lots of resources, they decided to drop me, even though none of the car wrecks/stolen vehicle incidents were my fault. Keeping on clients that are magnets for unnecessary expenditures is not intelligent. Potential exposures are bad, as well.

    Most ISPs' policies state that they can terminate access for any reason whatsoever at their sole discretion. In many other professional fields, these terms would be ridiculous. Nonetheless, ISPs have not been forced through competition to uphold any kind of standard. They want your money but not if it costs them resources (read bandwidth, customer complaints, downtime, network engineers, etc.).

    Does this suck? Yes. Can ISPs afford NOT to take every measure possible to avoid a massive DoS that can cost them their business? No.
  • by TBHiX ( 26224 ) on Monday June 05, 2000 @09:42AM (#1024517) Homepage

    That makes sense when limited to one single incident. However, consider the broader implication. An ISP stays in business by (as the name suggests) providing internet services. If in a given instance, they can be coerced by such tactics into removing the account they find so offensive, then the message sent is "blackmail us and we'll cave." Soon enough, said ISP cannot host any semi-controversial account, and this endangers its market position in the long run, particularly if there are ISPs willing to endure the short-term annoyances in order to pick up the business.

    In many ways, this parallels the policy of many nations (particularly the U.S.) that will not negotiate with kidnappers and terrorists. This may lead to short term tragedy, but prevents the doors from opening up on full-scale extortion by giving the impression that it can be successful. Sadly, as sometimes (often) happens in the business world, the capacity for such medium to long-term views is unable to extend past the next-quarter profits. I do not know if that is what motivates the ISP in this example, but I would not be surprised if it were so.

    Just my thoughts-in-progress,

    -TBHiX-

  • (Fortunately, we have a friendly FBI agent right next door, so we can actually GET subpoenas at 3AM)

    Since when do FBI agents have the power to issue subpoenas? That's what judges are for.

  • When it's a criminal offense, you need to get the cops involved. A denial of service attack qualifies. Therefore, we contact the authorities and report a crime in progress.

    So, the next-door FBI agent contacted a judge for you?

  • I ran into this in '92 or '93; a friend of mine (not a friend of a friend) was the target. The ISP wasn't commercial; it was my college. My friend got letterbombed (I believe for being bisexual, but I'm not certain) in the days before DDOS and before even spam. My college pulled his account to protect themselves.

    I am holding back names simply because I don't think that they would appreciate the names being used here. Be assured, though, that this sort of thing did happen, at least once.

  • Come on, get fucking realistic!!! What is the ISP to do? Remain down? And have thousands of other users down? If the ISP could stop these script kiddies, and didn't and chose the route they did, then that would be just plain wrong. But today, most ISP's are very powerless, especially against distributed DoS, and please don't even bring up filtering.

  • I agree 100%, and wish the ISP was identified for this reason. Hell, even Belgium tried to stop the Nazi advance at the beginning of WW-II. This ISP, in contrast, can only be compared (unfavorably) to Chamberlain. In many ways the scariest thing about this story is that there was probably no direct connection between the DOS and the controversial site. This would make the situation analogous to a bomb going off in a city, one terrorist group claiming responsibility... and being handed the corpse of their political opponent on a platter without a struggle. The next time a bomb goes off (another DDOS attack occurs) will anyone be surprised by a dozen terrorists claiming responsibility - and they will all want different things to go away. Will this ISP terminate a dozen accounts because *one* *might* have offended someone?
  • Religion is not considered a choice. Most people follow the religion of their parents, something totally beyond their control. Even those of us who have chosen a different path than our parents do so on values introduced to us as children.

    Other problematic areas? What about sexual orientation? Is that a choice, a biological condition, or something largely set by early childhood experiences?

    What about drug use and addictions? There is absolutely no doubt that addiction has a strong biological component. Are you arguing against discriminating against a stoner in the cockpit since it's a biological condition?

    How about obesity? Morbid obesity is (always?) due to biological factors, not "lack of willpower," "lack of exercise," etc. (That's not to say that such factors have no influences, only that someone won't drop from 400 pounds to the covergirl status without doing some pretty severe damage to her body.) Does that mean that obesity jokes should be deemed as socially unacceptable as racist jokes?

    Finally, never ever forget the possibility that pedophilia is due to a biological defect. We can have compassion for people burdened with inappropriate desires while simultaneously denying them the right to freely exercise those desires because of the cost to others.

    I'm not claiming to have the answer to the questions... only that your analysis of the situation is over-simplistic. By law, some things are not considered "choices." Other things are considered a "choice" by some, and a biological condition by others. Yet other things may be viewed as biological conditions by all-- yet still rejected by society at large.
  • Not that I disagree with the basic notion that the internet should remain free, but free speech has never been absolute and unfettered. Libel, copyright violation, broadcasting military secrets, and the like have never been protected. And well that some forms of speech shouldn't be protected. After all, those DoS packets could be considered a form of free speech and we want them silenced!

    This issue isn't libel per se but the practice of including the ISP as a co-defendant. If ISPs are held legally responsible for the content of speech transmitted via their systems they have little alternative but to act as censors, and prudence dictates that they act as overzealous censors. That is the nightmare scenario, not because it restricts libel but because it stifles wholly legitimate expression.
  • When I worked maintenance for an apartment building we ejected a lady for inadvertently starting a fire. At first I felt bad, but it was her actions that caused the fire. In this case it is reasonable for someone to act responsibly on the net and if through your actions the ISP is harmed they should have the option of tossing you. A better ISP would simply ask that you change to a new account, but I see the validity in this. This goes right along with abusing any other service. Better yet, mutual respect. Is it reasonable if you pit yourself against a bunch of idiots to expect retaliation? I say yes, even if you feel justified. Just don't expect your ISP to foot the bill for your actions. On a side-note, the ISP is giving you access to the web, but does the agreement also cover VPN's, chat rooms etc?
  • Personally I think that if you shoot your mouth off in a hot venue you shouldn't be surprised by vehement attacks. In the case of the fire, she tossed a coat over a lamp. I'm sure the lamp manufacturer shares some responsibility for building such a hot lamp, but in the end she chose to buy the lamp and toss her coat onto it. You know, responsibility for your actions. Sometimes you have to accept a little blame yourself.
  • If you survive, it's not much of a Denial of Service.

    Maybe you piss off some 14 y/o on a 56k modem, who decides to do something like pingflood you with "ping -f", that won't hurt the ISP, and it'll only hurt you if you use a 14.4 modem (otherwise, it'll act like a big download).

    If you *really* annoy some guy who thinks he's a 3l33t h4x0r, then they'll probably smurf you, or your ISP. A big smurf attack can generate a *LOT* of traffic, which can easily bring down a 10mbit pipe, depending on the size of pipe, and the number of computers on the amplifying network.

    It's like a pingflood, but from 100 computers at once (or however many pings are returned from the broadcast address of the network), and it can bring down a network easily (it's also the reason for the continuous netsplits on Efnet, and the reason lots of server admins are delinking -- to get the hell away from them).
    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]
  • Hmm, that might help, a bit. The problem is, it'd probably be very expensive (CPU time-wise) for the router to update/check/etc, making the routers EVEN MORE expensive ( £/$/etc wise )...

    Also, the ISP probably won't be upset by a user being DoSed, unless the bandwidth used by the DoS is affecting the whole ISP.. at that point, the attacker could just move the attack from 1.2.3.4 to 1.2.3.x, and fill the entire subnet's quota, preventing ANY traffic at all reaching the ISP, even if it could *physically* fit on the link, the router would drop it.

    OK, so maybe this isn't the magic solution I thought it was when I first read it [unfortunately] :(

    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]
  • >I'm not saying the ISP's argument is completely invalid, but which should we prefer?
    As a consumer, I'd assume you'd prefer the consumer's point of view... and as an ISP you'd probably prefer their P.O.V.

    >Complete restrictions on companies, or giving them free reign to do anything in the name of profits? It's not actually an easy question to answer.
    Well, obviously it needs to be somewhere in-between. We need to draw a line somewhere which lets businesses protect themselves, while still giving the consumers rights.
    The only problem is figuring out just where we draw that line.
    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]
  • Well, the part you [SNIP]'ed out did say I'd never killed a user that hadn't broken the AUP (usually they had flooding/cracking/etc tools or eggdrop scripts for doing the same).

    >Come on now, this doesn't make sense. Killing the target won't help during the attack
    >During the attack you:
    >1. Find the source or sources of the DOS
    >2. Block/Filter this at your guardian routers
    >3. Communicate with the source ISPs.
    >4. Other net admin steps I forgot.

    I suppose I should have said a small ISP, but anyway..

    It's impossible to find out what the true source of the attack is, but filtering it out at the router could help. The problem is when the attack is big enough to kill you at your router -- which is when you bring in the upstream router. But it can be difficult to get your upstream ISP to filter out all the (many) spoofed addresses before the DoS ends -- and anyway, they'd just move on to another misconfigured broadcast address..

    When did I say I'd kill them during the DoS?
    I'd terminate the account after the DoS stopped, and I could have a look around to find the actual CAUSE of the DoS -- and proof it was their fault. I might terminate a user if all they did was provoke the attack, but only if they did it repeatedly, and I knew they had actually done something to provoke it.
    The bottom line is, the user is affecting OTHER paying customers as well, and while I definitely treat DoSes on a case-by-case basis, it's hard to do much more than contact the admins of the amplifying network, and ask them to fix it, and see if they have any logs which might help trace the real attacker.

    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]
  • by D. Taylor ( 53947 ) on Monday June 05, 2000 @08:57AM (#1024557) Homepage
    As a co-admin of a shell/webhosting server, I can't see what else they are supposed to do. I have never terminated a user's account because they appear to be the victim of a DoS (most shell users who get DoSed do SOMETHING to deserve it, hell, so do most shell users who DON'T get DoSed), but I have terminated many accounts which were committing DoS attacks..

    I have had an entire network downed for over 24 hours because of a DoS, which means the victim loses out, everyone else loses out, and we lose lots of money -- especially when a shell user brings down the webhosting side of things.

    Anyway, if the user is being continually DoSed, having an account with the ISP won't do them much good, would it?

    As for getting the police involved, well, a smurf is virtually untraceable, the source addresses point back to the (misconfigured) amplifier network, which is totally innocent, and the packets they receive are forged to come from the victim's computer. It's difficult to filter smurfs without breaking things like ping, and if the ISP is paying per Gb, DoSes can be expensive.

    The ISP has to pay for the DoS traffic (which could cost more than the customer is paying), and also might lose other customers/potential customers because of the reduced performance.

    The customer loses their account (possibly their money, though if the ISP has no proof the victim did anything, I'd expect them to at least refund the remaining subscription), and maybe their e-mail address.

    The ISP's AUP/TOC usually allow them to terminate your account for little, if any, reason, and in this case, they have a pretty good reason.

    Free speech is great, but should you be sued just because *you* don't want to risk your livelihood/life/whatever to protect it?

    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]
  • it's not my job to completely educate every nincompoop that posts.


    Well what about the reign of terror, Stalin's purges, Hitler's concentration camps, the list goes on. Perhaps these 'knuckleheads' and 'nincompoop' know about these and realize that their country is not alone, and is one of the most important countries in the formation of modern democracy.



    I live in Canada and looking back we have done some awful things to our natives and to early Asian immigrants. Every country has these spots on their history, and there is no reason to continually blame them for them. Rational thinking will tell us that if we blame someone they will try and avoid speaking about it. This is not the way to prevent it from happening. Do you blame the current German government for the Third Reich? No, but we do remember it, and this is the same way that we must treat all the errors of our past.

  • Actually after posting I read your post from yesterday and it was very insightful.

    I was just letting off a bit of steam from some of the posts in this thread. I replied to yours because I was bothered by you referring to those who respect the American founding fathers of the US as knuckleheads. Comparing the American revolution to the Bolshevik and French revolutions we will find that the American leaders were much more concerned with liberty and maintaining the goals than the other two. If one is to look into any hero they will see that they are not perfect, and this happened at a different time in history. A million wrongs will not tarnish a single right, and what the founding fathers did was great advancement for democracy and deserve to be respected for that.

    I was not moderated up, my account defaults to 2 points, and I assure you that I am perfectly capable of reading English.
  • by ucblockhead ( 63650 ) on Monday June 05, 2000 @08:58AM (#1024567) Homepage Journal
    Dropping the user may solve their immediate problem, but it also hands victory to the attacker, thereby encouraging him, thereby guaranteeing more attacks in the future.
  • by ucblockhead ( 63650 ) on Monday June 05, 2000 @08:55AM (#1024568) Homepage Journal
    What a great way to promote DoS attacks. User A does something to piss off a script kiddie. Script kiddie launches a DoS attack against User A's ISP. The ISP kicks User A off. The script kiddie congratulates himself on his own success.

    And tells his friends.

    And soon we see even more DoS attacks.

    Just like the worst response to real terrorism is to give in to the terrorists, the worst response to virtual terrorism is to give in to the terrorists.
  • A friend of mine was hit with a DDoS attack by script kiddies. His ISP booted him off his account and called the cops! They claimed that he was the attacker! Any idiot reading a packet log could tell that he was the victim. The RCMP (like the FBI, but in Canada) took his computer as evidence for more than 6 months! It was absurd!

    Law enforcement really needs to get some kind of a grip on computer crime and stop blowing it way out of proportion.
  • I've gotta say that if I were your upstream, and you served me with a subpoena at 3AM to handle one of your problems, I'd comply, then drop you like a hot potato.

    After all, unless a law says otherwise, you don't have to do business with anyone you don't want to.
  • No, I did not pay at the end. They lost track of me since I moved, and because of the credit card fraud I don't think they made an effort to locate me. If my aunt (who is taking the bar to become a lawyer) said that I had to pay I would've attempted to pay, but they had no right to charge me for their lack of security she said. It would've gone to court.

    It wasn't really my friend's fault either, he was just logged in from work, and he found out like at the end of the work day that the gov't computer got hacked.

    We were all in college and didn't have any money anyways. :)
  • by DGregory ( 74435 ) on Monday June 05, 2000 @09:04AM (#1024578) Homepage
    Well, about 3 years ago I was running a MUD at an ISP, and we had one shell account that 3 of us shared. They knew that we were sharing it, but all they said once was "you should get separate accounts" but didn't take any action other than that. (technically it was against their TOS, but it seemed like a loose rule since they acted like it was a suggestion more than a hard and fast rule).

    Anyways, one of the guys worked for the government and was logged onto the shell from his work machine. The government computer got hacked into and someone running a packet sniffer got ahold of our account's password. They did some damage to the machine (not sure what) and our account was terminated without any sort of email to my regular email address.

    Then I got a call from my credit card company. Someone had tried to charge $3200 to my credit card, and the limit wasn't that high so it was denied. Then they tried $2500 and that was denied. Then they tried $1500 and that went through. They told me that it was out of the city this ISP was in, and it was for "electronic merchandise". They said that it seemed suspicious since most of my purchases were small, so they called me to ask about it.

    I told my credit card company that I had an account with this ISP, and that I had used my credit card with them once, to pay the first month's bill. After that we sent a check every month.

    I disputed the charges, and never heard anything about it again so I'm assuming that they resolved it. The ISP sent me bills for $3200-$1500 every month until I moved and they lost track of me.

    After I got off the phone with the CC company, I called the ISP, and ended up calling the president of the ISP at home (he had a very nice wife but the guy was a dick). He said that they were charging me for the time it took them to fix the machine, billed at $80(something) an hour. They said that I broke the TOS so they were acting like I hacked the machine even though they KNEW that neither I nor my friends did.

    Beware. Shit happens, it can happen to you. Some ISPs are just plain dicks. Closing your acct is one thing... trying to bill you $3200 and commit credit card fraud is another.
  • Okay, we don't know enough about the situation, but why is everyone assuming the target account was killed or terminated? The leader on the story says SUSPENDED , which in my mind, indicates a temporary state of affairs.

    If someone were causing my ISP grief due to a DDoS, even if it were directed at MY account, I'd hope the ISP would take the most prudent course of action: down the account or machine for a little while to let the kiddies feel they've won. Explain to the apparent target what happened, and explain what it will take to keep within good service agreements with the ISP.

    (Suspend versus Terminate? =anagram>
    Instruments served pause.
    Massive PUT-ness returned.
    Invests prudent measures. )

  • I know a lot of people who work for ISPs, and the bottom line is that the ISPs are for-profit corporations, and their behavior will reflect that. Kicking off one user will result in a lower loss of profit than the potential loss if a portion of the network gets saturated. I agree, it's not fair, it's not right, and they shouldn't be doing it. But what can ya do?
  • Most of the terms of service I've seen with user level ISPs -- even the expensive high speed ones -- give the ISP a wild card "We reserve the right to terminate your service at any time for any reason." When I was working at MCI providing Internet services to the huge megacorps, our terms of service kissed corporation butt -- "We'll refund part of your bill if your line goes down and we don't fix it in 2 hours." Of course, they'll still ignore you if you're a small newspaper in, say, Bozeman, Montana, but that's another story entirely.

    A lot of privately owned companies these days are infringing on rights that the government would not be allowed to. Perhaps it's time some legislation was drawn up to require companies to meet certain guidelines in order to qualify for the full protections they get with the Corporate license.

  • by Greyfox ( 87712 ) on Monday June 05, 2000 @09:36AM (#1024594) Homepage Journal
    Preventing smurf and similar attacks would be fairly simple, if every ISP configured their routers to not allow spoofed packets outside their networks and not to admit icmp packets to/from the network broadcast addresses. The trick being getting every ISP to do that.

    This problem might be more attackable at the hardware provider level. Get Cisco and the other router makers to set their routers up to automatically include these rules (Possibly with the ability to turn them off) and you'd severely cut back on the number of DOSes. Even some of the newer attacks that involve using thousands of compromised machines use packet forging to obscure the return address. Eliminate packet forging and all of a sudden your attacker is two easy hops from being caught.

    The question is, if I'm the victim of a forged packet attack, can I sue Cisco for not setting their routers up to prevent packet forging?
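The two router rules proposed in the comment above (drop outbound packets whose source address is not one of the ISP's own, and drop ICMP to or from subnet broadcast addresses), sketched as an added example that is not from the thread or from any vendor's configuration. The `EdgeFilter` class, the two subnets and the sample packets are constructed for illustration and use documentation address ranges.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple


class Packet(NamedTuple):
    direction: str  # "out" = leaving the ISP, "in" = arriving from upstream
    src: str
    dst: str
    proto: str      # "icmp", "tcp" or "udp"


class EdgeFilter:
    """Border-router policy: source validation plus broadcast ICMP drop."""

    def __init__(self, subnets):
        # Subnets as they are actually configured inside the ISP; the
        # broadcast address depends on this split, not on the aggregate.
        self.subnets = [ipaddress.ip_network(s) for s in subnets]
        self.broadcasts = set()
        for net in self.subnets:
            if net.prefixlen >= 31:
                continue  # /31 and /32 have no broadcast address
            self.broadcasts.add(net.broadcast_address)
            # The all-zeros host address is the old-style broadcast.
            self.broadcasts.add(net.network_address)

    def _is_local(self, addr):
        return any(addr in net for net in self.subnets)

    def decide(self, pkt):
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
        # Rule 1: nothing leaves with a source address we do not own,
        # so a customer cannot forge a victim's address.
        if pkt.direction == "out" and not self._is_local(src):
            return ("drop", "spoofed-source")
        # Rule 2: no ICMP to or from a subnet broadcast address, so the
        # network cannot be used as a smurf amplifier.
        if pkt.proto == "icmp" and (dst in self.broadcasts or src in self.broadcasts):
            return ("drop", "icmp-broadcast")
        return ("forward", "ok")


def tally(filt, packets):
    """Count the decision reasons over a batch of packets."""
    return Counter(filt.decide(p)[1] for p in packets)


# Constructed sample traffic (RFC 5737 documentation addresses).
ISP_SUBNETS = ["192.0.2.0/25", "192.0.2.128/25"]
SAMPLE_TRAFFIC = [
    # ordinary customer traffic
    Packet("out", "192.0.2.10", "198.51.100.7", "tcp"),
    # customer forging a victim's address towards a remote broadcast
    Packet("out", "203.0.113.5", "198.51.100.255", "icmp"),
    # forged echo request aimed at one of our broadcast addresses
    Packet("in", "203.0.113.5", "192.0.2.127", "icmp"),
    # ordinary unicast ping to a customer host
    Packet("in", "198.51.100.7", "192.0.2.10", "icmp"),
    # 192.0.2.255 is a broadcast only for the second /25
    Packet("in", "198.51.100.7", "192.0.2.255", "icmp"),
]

if __name__ == "__main__":
    edge = EdgeFilter(ISP_SUBNETS)
    for pkt in SAMPLE_TRAFFIC:
        print(pkt, "->", edge.decide(pkt))
```

Unicast ping still passes under these two rules; only packets addressed to or from a subnet's broadcast or all-zeros address are dropped.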

  • This is the worst route that the ISP could have taken. They made the attackers victorious in what they set out to do.

    First let me tell everyone about some things you might not want to know. In my opinion DoS attacks are like taking the computers hostage, or any terrorist act. You don't agree with the politics of a group or you want attention. In any real world terrorism you can never, I repeat never give the terrorist anything they want, except for absolutely meaningless things. Even if they want peanut butter and jelly sandwiches you give them a jar of peanut butter, some jelly, and some stale bread. On a more serious side if they pull the trick of covering themselves and hostages with a blanket and come out of the house (so the SWAT can't see who they are shooting) there is always a no pass line (generally 25 or so feet in front of the door). It is just as it sounds, the terrorist does NOT pass that line, if you have to kill hostages to kill the terrorist it is acceptable. These are the policies in place right now all the way from some little town's police force to the FBI.

    Now you may ask why I went through all this. It's simple, if you ever give a terrorist what they want then terrorism becomes a viable option. The same will happen with DoS attacks or any other online attack. If you give one person what they want in an attempt to stop attacks you are going to cause many many more attacks with the same result sought. It's bad practice, and bad logic on the ISP's side of it. I repeat again that this was the WORST thing they could have done.

  • by climer ( 94555 ) on Monday June 05, 2000 @09:27AM (#1024603)
    As a co-admin of a shell/webhosting server, I can't see what else they are supposed to do.

    [SNIP]
    have had an entire networked downed for over 24 hours because of a DoS, which means the victim loses out, everyone else loses out, and we lose lots of money -- especially when a shell user brings down the webhosting side of things.

    Come on now, this doesn't make sense. Killing the target won't help during the attack
    During the attack you:
    1. Find the source or sources of the DOS
    2. Block/Filter this at your guardian routers
    3. Communicate with the source ISPs.
    4. Other net admin steps I forgot

    Killing the account must have come later during the "how do we prevent this from happening again" discussion. Obviously this is a stupid reaction. DOS attacks are something you can't ignore by placing your head in the ground and refusing to believe legitimate people are being attacked.

    If you are an ISP it is your responsibility to learn to handle this kind of attack in stride
    /Duncan

    Duncan Watson -Rock climbing, Encryption, privacy
    PGP Fingerprint -PGP Key on www.keyserver.net
  • If that wasn't in the contract s/he signed when they signed up with that ISP, then I would say (IANAL) that they could sue for damages.

    The bigger question though is how many ISPs have something like this in their terms and conditions contract. I'll have to go check my ISP's paperwork to see if it's in my contract for service.

  • IANAL but I suspect you aren't either.

    Anyway...I DO know that that doesn't mean much.

    You can't just throw things into a contract (especially a contract that is not signed and agreed to in the normal legal manner) and just have it automatically be legal.

    There are certain things you can't require of people and can't do to people, no matter what your contract says. No court is going to recognize a clause, for example, that requires you to kill yourself if you can't make the payments you owe me.

    Is this one of those things? It probably is. I certainly could imagine situations where it would be. In any case, that's for a court to decide. (if things of this type were for me to decide, the world would probably make a lot more sense...at least to me...)

    -Steve
  • > Obviously, it sucks for Mr. Rushdie

    Well at first I thought you said American Airlines...and remembering my experience with them, was thinking that he should thank them...that is, however, beside the point :)

    > Realistically, if the ISP is targeted because of
    > the content brought forth by one user (not in
    > violation of any AUP),

    No, the ISP is targeted because some OTHER ISP's users are juvenile and feel that it is just fine and dandy for them to go around and deny other people internet service because they disagree with what that person has to say.

    This is NOT the fault of the ISPs user. To blame it on him is just plain wrong. They did not get attacked because "He said something controversial" they got attacked because some people feel they have the right to attack others when they are insulted or because they dislike someone.

    As you said, he did not violate the AUP. What this effectively means is that the REAL AUP is not what is written on their web page, but includes an unwritten clause saying "It is not acceptable to express viewpoints which cause other people to attack you".

    I don't know what you think, but that's fairly broad. That means if I see someone posting on usenet from that ISP talking about how much they love god, and that offends me, all I need to do is DoS them and that ISP will pull them.

    I don't care if they are a private company or what. Their action of pulling this account is, in my eyes, immoral. I think all of their customers should be advised that this is their policy, written or not, so they will know exactly what type of people they are doing business with.

    In fact, I would go farther and say that it is their right as consumers to know about this, and their duty as moral human beings to discontinue patronizing the services of this company. (of course, if they chose not to fulfill that duty, that is up to them and their own conscience)

    > Obviously, the real solution here is better
    > cooperation among ISPs so that DoS attacks can
    > be tracked

    Here I wholeheartedly agree. People who would strike out violently (in this case not physically violent but "virtually violent" they are actively and willfully stopping service that they have no right to interfere with).

  • ...

    You know what to do with the HELLO.

  • Imo, governments are a far smaller threat than corporations. In free democratic countries at least, freedom of speech is constitutionally protected. The government can't stop you from expressing your views. You can demonstrate, you can speak up in public (to some extent at least), even if your views do not coincide with the majority.

    But in an Internet run by corporations, no such guarantees exist. Your ISP is free to cut you off for any reason whatsoever, especially when their corporate bottomline is in danger. If the internet is your primary means of communicating your views to the public, you now no longer have the means of speaking up.
  • by Carnage4Life ( 106069 ) on Monday June 05, 2000 @09:06AM (#1024620) Homepage Journal
    The above post is not a troll. This is a valid opinion, maybe it conflicts with the entire rah-rah-free-speech-screw-big-business-internet-access-is-a-god-given-right mentality of the typical slashdotter but it is not a troll.
    His statement is very valid. ISPs run on tight margins and it makes no sense for a business to risk losing several hundreds or thousands of customers simply to satisfy one user.

    Whether the ISP even knows why the user is being harassed is unknown and cannot be verified due to the fact that no identifying information was posted but from a financial standpoint the ISP made the best decision they could with the facts they have. Heck, the U.S. government and the combined dollars of Yahoo, eBay, and several others can't catch a bunch of DoSing script kiddies yet people expect a local (or even national) ISP to continually defy them because of 1 user ($20 a month which isn't even all profit)?


  • Ahh, nice idea about what to do, but really some of the ideas are just a waste of time:

    BBB: That's a laugh, the BBB is great when weeding out small companies, but no one checks with the BBB before getting cable.

    PUC: Unless MediaOne is offering phone service (which they have in a couple trial markets) they aren't going to do jack. The PUC has no power over them.

    Trade Commission: Nice idea for long term, but there usually aren't customer advocates to work directly on your problem. After a bunch-o-complaints they may use your case as an example.

    Media: Best Bet. Local TV Stations already view the cable company as something that cuts into their ratings. Only problem is they like sensationalism. You MAY get labeled a HACKER.
  • What this means to me is that even though the user's content was attracting the DoS attack, there may be laws that prevent them from just dropping their business. Like the example given in the news post, your right to refuse business only goes so far. You cannot refuse business to someone based on race, ethnicity and religion. I think that civil rights would "out rank" whatever the ISP says. All the person needs is a lawyer to work that angle and sue the ISP.

    I don't think that you have a civil rights case against the ISP unless their decision of what to do was based on the victim's religious viewpoints. If all they knew was "this guy's getting DoSed and screwing up our service, let's drop him", then it's just consumer protection laws. The only way I could see it being a civil rights case would be if they knew the reason he was getting DoSed was his religious opinions and they said "he deserved to get DoSed for saying that, why should we do anything except cut our own losses."

    Now, if the ISP had the right to cut him off for causing them service problems, he has a civil rights case against the script kiddies who were acting based on his religious opinions and caused him to lose something due to them. (Assuming the truth of all statements in the original post.)

    IMHO, IANAL, etc.

    -Kahuna Burger

  • Besides, how can the ISP tell that this person just expressed an opinion that people didn't like? Perhaps they expressed an extreme religious opinion in a homosexual group? Or a pro-life in an abortion group? Or for that matter a pro-abortion (I REFUSE to call it pro-choice...) idea in a pro-life group?

    So, freedom of speech should only be protected if it's speech of which you approve?

    No, you're missing the point, which would be a fairly good one without the moron level inability to understand the term pro-choice.

    The question was not whether the opinion was a "good" one or not. The question is "are we talking about an unpopular opinion or inappropriately flaming a group?" The fact that both pro-choice and pro-life opinions could fall into this category, depending on where they were said, should have been a good pointer on this distinction.

    There is a difference between an "unpopular religious opinion", like saying on a catholic chat group that you don't know if Mother Teresa actually meets the Church's requirements for sainthood, and a "religiously worded flame" like going into an abortion support chat room and doing the all caps shout that you are all filthy in the eyes of the lord for your murderous ways. It certainly affects how much slack your ISP is going to cut you when you start getting DoSed.

    So the question is not how I, you or the ISP feels about the specific opinion expressed. The question is whether it was expressed in a forum appropriate to it or in one where it's just a disruptive attack itself.

    -Kahuna Burger

  • /. even lets you censor out Jon Katz articles, if you want to.

    No, it merely allows you to automagically "avert your eyes" if you so choose.

    The articles are still there for everyone else to see, which is why it is not censorship, in any sense of the word.

    Unless, of course, you're the Bugblatter Beast of Traal, in which case maybe it really isn't there if you can't see it...


  • The ISP I work for has a "Terms and Agreements" in the sign up process, and the user must sign it (can't be done over the web).

    If I agree with it or not, that is a different story, since I could be biased or disgruntled.

    In the "Terms and Agreements" it states (this is from memory, so it might be off a few words) that "XXX ISP may cancel your account at anytime for any reason with or without notification or justification and you the user are also free to cancel your account at anytime for any reason with notification, but with or without justification". Also in there they have "XXX ISP may deny or refuse providing products or services to anyone at anytime for any reason".

    From a legal standpoint, an ISP is a private company (not government owned or funded (in most cases in the United States)) and can pretty much get away with a lot.

    If user "Tim" is getting DDOS every day causing the ISP to deny services to other customers, is that really Tim's fault? No. If they disabled Tim's account would the other users be able to access the Internet (and get what they are paying for)? Probably, maybe..

    Most businesses (including mine) are hard up for the bottom line, which is money. If they are losing money or not making as much as they could because user Tim is posting strong opinions, from that company's view, which is more important, standing up for some guy they never met or making money?

    I am not saying any of this is right or moral, I am just stating what the legal and company points of view might be (not stating these are their points of view, just my interpretation of things).

    The above post does not represent my employer, they are my humble opinions and mine only.

  • I don't think 'censorship' is the right classification of this ISP behavior: 'lack of spine' might be more accurate. If an individual user causes disruption of a shared infrastructure (i.e. the ISP network) on a large scale, something needs to be done. Now, I'm definitely not advocating account termination (some temporary traffic filters at the edge of the ISP network are just so much more friendly), but in cases where filtering is infeasible, taking content down until the script kiddies go away may not be unreasonable.

    The unavoidable point here is that, from an ISP's point of view, people soliciting abuse are almost as bad as the ones causing it: they just want the trouble to go away. Some user cooperation is a good thing here, and may avoid kneejerk reactions like account termination (which, just to reiterate, is stupid and wrong...)

  • Are we insane? Why are we letting this happen? Every libel case, every time a site is shut down, every time another mouth is hushed we get closer to giving up our freedoms. And we're not doing anything about it. We need to stop these idiocies, we need to convince the lawmakers and the public at large that nothing is worth the abolition of free and unfettered speech. And above all, we need to do it now.

    Not that I disagree with the basic notion that the internet should remain free, but free speech has never been absolute and unfettered. Libel, copyright violation, broadcasting military secrets, and the like have never been protected. And well that some forms of speech shouldn't be protected. After all, those DoS packets could be considered a form of free speech and we want them silenced!

    Every time that hyperlibertarians support grossly illegal behavior, like massive copyright violation, under the mantle of free speech, it gives the authoritarians who want to shut down all unapproved speech more ammunition. Free speech is important, but it shouldn't be used as a cover for violating other peoples' rights.

  • by Dark Phantasmo ( 136483 ) on Monday June 05, 2000 @08:48AM (#1024662)
    So, if my house gets broken into, and my TV gets stolen, the police should take everything else I own, to prevent future thefts?
  • Almost. More like, you get a cross burned on your front lawn, the fire dept has to come out and put out the fire, the PD has to file a report and all this is just too much strain on the city services so they put all your belongings in a u-haul and escort you to the city limits.
  • >And this is for precisely the same reason you may see disclaimers in restaurants that say "we reserve the right to refuse service to anyone".

    Sure, but you can walk right across the street and be served at McD's or go into the corner grocery store and buy food, you won't go without food.

    What about phone service or electric? "We reserve the right to refuse service to anyone for any reason" would be a problem in that case because you have no real alternative provider. You paid your bills on time, was always polite on the phone, turned off the lights when you left the room, but the phone and electric companies shut you off because you were a pinko, commie linux user.

    Now, obviously a dial-up ISP is not in the same class. You can go 'across the street' and sign up with another provider and be spreading your liberal views on the net in under an hour. But the original poster's point was about DSL and Cable where there are fewer choices and being cut off would be similar to having your phone, water, gas, electric disconnected.

    I think it is an interesting question. Does internet access rise to the level of household necessity like water, power, phone, heat that requires some regulatory protection? I don't happen to think so.

    The cable company can deprive me of cable TV and cable internet access. They can shut off my cable and I'd have to put my antenna back on the roof or get a DBS dish. I'd lose my cable-modem and since I'm 20,000 feet from the CO so I can't get DSL, I'd have to go back to dialup. It would suck, but it isn't like I wouldn't be able to heat my house, cook food, take a bath, order chinese, etc.
  • This is a valid point, but unfortunately, it leads to some unsavory conclusions. If this site can be sacrificed in the name of keeping the ISP in business (which can be a legitimate concern, albeit rather harsh on the innocent user), then a lot of things can be justified. There's no way to cut off the flow of the argument. Stopping people from using trademarks in any fashion can be a legitimate concern, because it hurts profits to get bad reviews. Stopping protests against actions by companies can be a legitimate concern, because that hurts profits too. Letting major corporations merge into monopolies whenever they feel like it can be a legitimate concern, because not letting them would definitely hurt profits. I'm not saying the ISP's argument is completely invalid, but which should we prefer? Complete restrictions on companies, or giving them free rein to do anything in the name of profits? It's not actually an easy question to answer.
  • His statement is very valid. ISPs run on tight margins and it makes no sense for a business to risk losing several hundreds or thousands of customers simply to satisfy one user.

    True, an ISP is an independent business who can service who it likes.

    True, an ISP will go out of business if its service is disrupted for too long.

    However, the DoS attack is a crime. Simply suspending the user alone facilitates the harassment. There is another solution.

    Suspend the user temporarily. Bring in law enforcement to work with the victim - reinstate the victim and see if the attacks resume. Track them and track down the originators of the attacks. Join the victim in a civil suit against the attackers, if they're identified, for costs and punitive damages. Testify in any criminal prosecution.

    To abdicate any and all responsibility in this case may be the right of an ISP, but one who does so won't keep my business.

    -Dave
  • by ChiaBen ( 160517 ) on Monday June 05, 2000 @08:47AM (#1024707) Homepage
    If I terminate an account of my customers, how do the perpetrators know that I've done this? And even if they realize this what reason would they have for stopping? I've just removed the object of their entertainment, so why wouldn't they continue to target me?

    regards,
    Benjamin Carlson
  • How can someone possibly be removed from their ISP just for expressing an opinion?

    That is not exactly how it happened, and definitely not how the ISP is going to spin it. Still, this is something that should send red-flags popping up in all of your heads.

    The thing is, the ISP can pretty much do whatever it wants with your account. It owns the account, it can sell/not sell use of that account to you as it chooses. Remember those signs you always see in restaurants?
    "We reserve the right to refuse service...
    This is essentially just a way of disclaiming yourself into discrimination if you so chose to abuse it that way, and the ISP can do the same.

    Trying to remain on-topic, though, discrimination is not the issue here either. The way the ISP dealt with the situation is the critical part, the thing that is sending my mind into a confusion. As I see it, there are two possibilities:

    1. The ISP could stop the DoS, but is too lazy/cheap/irresponsible to do it, so they 'solve' the problem the easy way, and yet another helpless victim gets squashed by the big company's indifference.
    2. The ISP cannot stop the DoS, in which case I would have serious questions about the integrity of their system [these were 'script kiddies' remember] and yet another victim gets squashed by the big company's incompetence.

    Either way, it is not good for the customer. Come to think of it, when are situations like this ever good for the customer?

  • "I wonder if they would have thought they could get away with this had it been 'You're black and we don't want the racists to break our windows so we ain't selling you an account.'

    This is not anything like racism. I am not saying I agree with the ISP. But an ISP that bans African Americans is different than one that bans xtian or other fundie groups. The essence of discrimination is not in the judgement of a SOCIAL group...but the pre-judgement of a biological group.

    No one chose to be born black or a woman or indian. Therefore it is wrong to discriminate on that basis. People DO choose to become fundies, skinheads, etc. And there is nothing wrong with refusing service to such groups. I can refuse to serve bloods and crips (as gang members) but can not refuse service to African Americans as a race.

    Tough luck for the site. But standing up for the choices ONE MAKES of their OWN FREE WILL is different than living in a racist society that discriminates against something YOU COULD NOT CHOOSE FOR OR AGAINST.

    I hate these comparisons to racism...think about your analogies before use.

    Tom

  • Two things that I can almost guarantee are going to be in the ISP contract:

    1. They are not liable for damages beyond refunding any amounts paid for service. Even if it says they are not, that would probably be what you would get if you kick up a stink.

    2. They reserve the right to discontinue service for pretty much anything they deem to be 'unsuitable content' and also anything that interferes with their ability to serve other customers.

    Last time I shopped for an ISP I read the service contracts in their entirety. I cut most off my list of choices on the contracts alone. I deal with a number of service companies and one thing I highly recommend is that people actually read the contracts (preferably before they sign them). There are a lot of clauses that a salesman will gloss over that may mean nothing until you have a problem.

  • I'm with you guys on this. A second-hand account by an anonymous coward with no details about who did it, who it happened to, when it happened, or anything. That's just stupid. If somebody really was upset about an ISP over-reacting, why not name them and sic all the /. trolls on them?

    "Urban legend" is a good choice of words. This sounds exactly like the sort of story that new Internet users spam their friends with because some joke list circulated it to them, and they thought that it was important that Everybody They Know be aware of it.

  • You are absolutely correct that it is not illegal for you, or any other ISP to behave this way.

    It is also not illegal for consumers to blacklist, flame, and boycott any company that treats its customers so poorly. If you were my ISP, and I heard about you doing something like this, you would lose my business, and I would persuade others to avoid you.

    The Wrath of Geeks was not quite enough to shut down AOL back in their days of shady billing practices, but it came close for a while there. I also know of a few mom-n-pop ISPs that were once popular geek havens, but went belly-up specifically because they angered the geek set with the way they did business.

    Even if you are one of the bigger local players, the margins are small enough that you really can't afford to chase customers away... especially the tech-heads who advise all their friends and family on which ISP to subscribe to.

  • So, a nameless individual submitted a story he heard about somewhere, and of course /. posts it because it's guaranteed to boost viewership and therefore ad revenue.

    At least when emmett posted the thing about LinuxCare layoffs he had the decency to make some kind of effort to verify the story. Shouldn't every /. editor at least try and do the same? (And please, don't tell me they're too busy; if they're too busy to verify sources then I demand the word "news" be removed from their tagline.)

    I think the AC is right... so much so, that I don't mind burning a little karma to let his post be seen with my +1 bonus attached to it (until I'm modded down), so there it is, in its entirety once again.

    The editors at /. actually get paid. Not Kevin Garnett money, or even Craig Kilborn money, but they get a salary to sift through e-mail and post the interesting stuff as news, which is not a bad gig if you ask me. Come on, /., you can do better than this for what you are making. I've seen you do better. Shape up, eh?

  • It's called the right to freely associate, and it's the same right that allows an all-women college to keep me out because I'm a guy, or for the NAACP to not allow me on their board of directors, because I am not the right "race".

    The idea is that you can deal with whoever you want, and choose not to deal with whoever you want.

    People like to cite the "whites only" businesses in the south back in the 60's as an example of why free association is a bad idea... except many of those restaurant owners would have loved to have served black customers and collect their money... but they were not allowed to because of government restrictions on who they could serve. If we had simply lifted the restrictions and let the market decide, the businesses who chose not to serve certain people would simply find that they could not compete with those who did.

    Imagine if such a restriction was legal today. Would anybody dare try to run a "whites only" restaurant in Atlanta? Not only would you miss out on all the black customers who would eat at the restaurant across the street, but most whites would refuse to ever set foot in there as well. Kind of tough to run a business when red-neck bigots (a tiny minority of the Atlanta population) are your only clients.

    (By the way, newspapers refuse to run ads all the time. The Saint Paul Pioneer Press was recently criticized for accepting ads from strip clubs, and so they changed their policy to not accept them. Censorship is commonplace. /. even lets you censor out Jon Katz articles, if you want to. The First Amendment is only meant to protect us from government censorship. That's why it says "Congress shall make no law..." instead of "businesses shall set no policy...")

  • Yes, Slashdot is losing its edge and readers. We are only reading to document the downfall of a former news heavyweight.

    Well, no. They are not "losing readers" - If anything they are becoming more popular. I read it because it's still a pretty darn good discussion forum most of the time, sticks to topics that geeks are interested in, and highlights a lot of interesting stories out on the web that I might not have seen otherwise.

    They are not in a "downfall", but these momentary lapses of quality control do not reflect well on them.

    They are not a "former news heavyweight", because they never were a news heavyweight.

  • ... the vast majority of people who grow up in heavily fundamentalist families remain fundamentalist; did they 'choose' that?

    Actually, I've always found that the biggest zealots, of any cause, are the converts.

    Most people I know that grew up in strict fundamentalist homes are nice people who live quiet lives, don't give a rat's ass about what you think of them, and don't really behave like the stereotype you might imagine when you hear the word "fundamentalist".

    It's always the former heroin addict who would have died if not for his conversion that carries a big cross around, writes bible verses on his shirt, and shouts at people on school campuses for not having conservative haircuts. Or they go on TV and pretend they can heal people. Or they form "concerned parent" groups that try to stop you from listening to "evil" music.

    As with any cultural minority, the only ones you ever notice are the ones you are least likely to like.

  • Let me get this straight; because some religious site had its access pulled by its ISP because the ISP thought that the religious site was the target of a DoS attack, and this seems to many posters like, at very least, a pretty lousy thing to do, then the posters who object to this are all a bunch of "hyperlibertarians support[ing] grossly illegal behavior"? Did I get this right?

    No doubt some of the posters are hyperlibertarians, but what has this got to do with the original question? There was not even the remotest suggestion that the religious site was engaging in any sort of behavior that was in any way illegal. Nor was there any suggestion that the religious site was engaged in activities that might be construed as violating anyone else's rights.

    In this case the ISP closed down free expression of religious views, because some anonymous cowards electronically attacked the ISP for hosting the religious site. Seems like bad business, a horrible precedent, and downright lousy behavior.

    Full disclosure: I am no hyperlibertarian, I'm generally a cybercentrist. Furthermore, personally I find nearly all religious views childish and often find them offensive, Marx and Engels were too easy on religion. But even holding these views, it seems obvious that protecting free expression of religious views is nearly the purest example of the sort of speech that should be protected.

    The essence of free expression on the internet is that we must endure both the hyperlibertarians and the authoritarians. Whether we like it or not, they have the right to express themselves and their debate will be conducted here as it will be elsewhere. We can only hope that neither camp wins, though the pendulum will certainly swing between them.

    Anyway, their free speech is the price I pay for the right to offer up my insights/not.

  • by seldolivaw ( 179178 ) <me&seldo,com> on Monday June 05, 2000 @08:48AM (#1024738) Homepage
    See the Slashdot post [slashdot.org] I made on this topic earlier this afternoon. Quoted for simplicity:

    It's been said before, but I'm really terrified of the path we are increasingly following. When I read Titan by Stephen Baxter, I thought his future vision of a regulated and partitioned Internet, heavily under the thrall of government censorship, was insane. A free and open Internet is impossible to prevent, I thought. But it's not. All the government has to do is go to some buildings somewhere in the country and take over, and they can cut links to the outside world -- not easily, but they can. They can shut down all but government-sanctioned communication. And if current trends of regulation, censorship and litigation continue, this is what will happen. We will trade a completely free medium for the petty dollars being lost by a few big companies, we will trade the ability to express ourselves for the dubious security of thought police.

    Are we insane? Why are we letting this happen? Every libel case, every time a site is shut down, every time another mouth is hushed we get closer to giving up our freedoms. And we're not doing anything about it. We need to stop these idiocies, we need to convince the lawmakers and the public at large that nothing is worth the abolition of free and unfettered speech. And above all, we need to do it now.

    Otherwise, we'll just keep complaining about our lack of freedom until finally, one day, somebody tells us that we can't.

  • Try looking at this from another step back. I get my internet through a university, which in turn has a connection in the state. About six months ago, our connection went all to heck, because someone was DOSing another university, that has the same provider in the state. Needless to say, we put pressure on our provider to fix the situation, and they did by dropping the school that was causing the problem until the attacks stopped (it worked, kind of. Had to try it several times, before the DOSers gave up).

    An ISP is a business, they have to look out for themselves. Part of this is looking out for other customers. If an attack is aimed at one person, that causes the loss of service of 50 others, if dropping that one person fixes it, maybe it's the right choice.

    Of course, if I were dropped in such a manner, I'd find a new ISP myself, but the ISP really has little choice in the matter.
