Re: ISP Operators AISURU/Kimwolf botnet

[Tom Beecher via NANOG <nanog () lists nanog org>]

> If you didn’t want your customers being infected then don’t serve them
> malware and then blame them for getting owned and it impacting on your
> network or your upstreams.


ISPs aren't 'serving customers malware'. Come on.

There is a shared responsibility here. ISPs need to take reasonable
precautions to block bad, while also ensuring that users can use the access
they provide in the ways they chose to do so. End users need to have a
basic level of understanding that the 'naked' internet is a nasty place,
and many network enabled devices are poorly designed, so having some level
of network security is important.



On Sat, Jan 17, 2026 at 9:23 AM Mike Simpson via NANOG <
nanog () lists nanog org> wrote:

> Again tho.
> What does it matter to the customer. It’s not impacting on their bottom
> line. They are used to fairly rubbish service for a huge multitude of
> reasons so their bandwidth being a bit slashdotted doesn’t matter to them.
> That’s why it’s a ddos.
>
> The only reason they got infected wasn’t their fault. It’s the fault of
> every company that believes that a eula is the end of their liability.
>
> If you didn’t want your customers being infected then don’t serve them
> malware and then blame them for getting owned and it impacting on your
> network or your upstreams.
>
> This is something that should have been sorted out after nimda but that
> wouldn’t have boosted shareholder value apparently.
>
> Your users aren’t aware that it’s not safe to plug stuff into the network
> you provide in the same way that they would expect a firewall not to get
> them owned or that a VPN device would be safe to use.
>
> -this is our fault, our failing, and we need to stop our knee jerk victim
> shaming and do better.
>
> > On 17 Jan 2026, at 12:49, Mel Beckman <mel () beckman org> wrote:
> >
> > Mike,
> >
> > I agree with you where ISPs choose insecure CPE and force their
> customers to use it. But in the case of AISURU, It’s not the CPE causing
> the problem, it’s the customer’s buggy android-based IoT.
> > -mel
> >
> > > On Jan 17, 2026, at 4:16 AM, Mike Simpson <mikie.simpson () gmail com>
> wrote:
> > > “immediately recognize any they own, which will drive home the point
> that this is their problem”
> > > That’s some grade A victim blaming bs there.
> > >
> > > “The rubbish CPE that we forced you to have is now owned and it’s
> upsetting our eyeballs only peering arrangements so you need to sort it out”
> > > ISPs are only not accountable legally for the content of the packets
> they transport. That doesn’t mean they are not responsible for the terrible
> routers they give out.
> > > Your customers in the main don’t care as they are used to flaky
> internet service. It’s the problem of the ISP as it only really impacts on
> them in an aggregated form so as that’s where the pain is, that’s who is
> “it” for solving it.
> > > -don’t hand out cheap pos un-updatable CPE or do (shareholder value/
> enshittification) and accept the consequences with good grace.
> > > > > On 17 Jan 2026, at 02:10, Mel Beckman via NANOG <
> nanog () lists nanog org> wrote:
> > > > immediately recognize any they own, which will drive home the point
> that this is their problem
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/SAEZI4VPMBOHWTH267E5ZOFIIOREGHYO/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/E2BD7PX6QAJUFF33USOVWDBWBW3BTMTF/