Bugtraq mailing list archives
"Association of Responsible Internet Providers"?
From: david () FASTOLFE NET (David Nesting)
Date: Tue, 15 Feb 2000 14:58:37 -0600
With all of the focus on DDoS attacks lately, complaints of poor contact availability, etc., I began thinking again about an idea I had. If this has been attempted before (and apparently failed), my apologies, but it seems like this could be workable and desirable. Let's say we create a non-profit organization ("Association of Responsible Internet Providers", for example), and loosely certify ISP's and other access providers (including companies and universities -- anyone that provides 'Net access to a group of people) as being "responsible" in that they have working, 24-hour emergency contacts, have taken steps to eliminate or curb abuse of their services (such as filtering), and perhaps any of a dozen other conditions that one might assume any "responsible" provider will comply with (including, say, a public anti-spam policy and an aggressive policy to ensure exposed systems are up to date with patches and security fixes). Any member of this organization presumably would have taken all necessary steps to ensure that they will be cooperative and available for investigations (such as spoofed IP tracing), and generally will make every effort to place the good of the Internet first. If we can publicize the organization, and get it through to customers and ISP's alike that such a certification is desirable, people will begin demanding that their own providers be members. Would there be any interest in such an organization? Dues, if any, would be just enough to keep a modest staff (volunteers at first?) up with applications and periodic compliancy checks where possible. We'd also need to figure out what precisely would be required of members, keeping in mind that some conditions could change in a relatively small amount of time as new types of Internet threats evolve. It's been suggested that lesser ISP's with little funds to spare for extras like security and responsibility will be unable to comply with terms like these. Would it be fair to prevent them from joining such an organization? I personally think it would be quite fair, but it's an issue that might need a bit of further probing. Comments? David -- == David Nesting WL7RO Fastolfe david () fastolfe net http://fastolfe.net/ ==
Current thread:
- Re: DDOS Attack Mitigation, (continued)
- Re: DDOS Attack Mitigation John Edwards (Feb 15)
- Re: DDOS Attack Mitigation Ryan Russell (Feb 16)
- Administrivia Elias Levy (Feb 16)
- Re: DDOS Attack Mitigation John Payne (Feb 14)
- Re: DDOS Attack Mitigation Julien Nadeau (Feb 14)
- Re: DDOS Attack Mitigation Bennett Todd (Feb 15)
- rp_filter? (was Re: DDOS Attack Mitigation) Julien Nadeau (Feb 18)
- Re: DDOS Attack Mitigation Homer Wilson Smith (Feb 14)
- Re: DDOS Attack Mitigation Andrzej Bialecki (Feb 14)
- Re: DDOS Attack Mitigation Darren Reed (Feb 14)
- "Association of Responsible Internet Providers"? David Nesting (Feb 15)
- Re: DDOS Attack Mitigation Andreas Busse (Feb 15)
- Re: Evil Cookies. Ari Gordon-Schlosberg (Feb 08)
- Re: Evil Cookies. Michael Bryan (Feb 08)
- Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
- Re: Statistical Attack Against Virtual Banks HC Security (Feb 08)
- Re: Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
- Re: Statistical Attack Against Virtual Banks HC Security (Feb 09)
- Re: Statistical Attack Against Virtual Banks Swift Griggs (Feb 09)
- Re: Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
- SCO OpenServer SNMPD vulnerability NAI Labs (Feb 07)