This will be my last post on this issue.
In this case:
1) Almost certainly the traffic was due to a worm.
2) Almost certainly the ISP knew (or strongly suspected) the traffic was
due to a worm.
3) Quite likely, the ISP never carried most of the traffic to its
destination. Once they knew it was worm traffic, they were probably
filtering by port.
4) The ISP should not have carried the attack traffic, if they actually
did. Doing so is negligent and creates additional innocent victims. Maybe
they would give their customer a short time to straighten things out, but
5) An ISP should not be paid for traffic they only carried out of their own
negligence. This doesn't negate the customer's responsibility to anyone but
the ISP and only if the ISP is actually negligent, not just the customer.
Yes, given the facts we know, it's possible that the ISP really does
deserve to be paid, this traffic wasn't due to a worm, or there was no way
the ISP could be sure. However, far more likely, the facts are as I state
So why does everyone think the ISP is almost certainly entitled to be paid?
Is it because they're ISPs? Is it because it's easy to blame someone else?