Security Incidents mailing list archives
Re: ISP Filtering (Survey of Sorts)
From: Jason Storm <sec () orgone negation net>
Date: Thu, 31 May 2001 22:31:44 -0700 (PDT)
A few questions: 1) Does anyone know of a list of known security-conscious ISP's (for larger corporate circuits) that are known for providing basic security services (ingress/egress filters, RFC1918's, and client-specific filter requests) to customers without hassle.
Ok first off; NANOG would be an excellent place to ask this. That said, here is my feedback: Colocation or T1/DSL/etc? Colo providers tend to have a lot more resources available for the above configurations, and as the market is relatively cut-throat, will go the extra mile to sell you some blanket security policy, providing your salesperson isnt a whoring shill who will make any promise to get your signature without the faintest interest in what resources are actually available. T1 and up providers dont get their hands dirty with client specific router configuration for the same reasons that consultants get paid Big Money: it requires a lot of work and generally speaking, an ongoing degree of effort.
2) Does anyone else have an ISP that, by policy, will not filter upstream?
Very few ISP's do filters, in fact I dont know of any who will without a specific attack taking place (and even then, oye...). Same logic as above. Honestly Id be skeptical of any ISP that tried to tell me they were going to take a client by client approach to configuring ACL's etc. The resources that would require would impose a cost overhead that would look Wrong on paper from any angle, at any period in history, in this empire or any other.
Just curious if there are greener pastures...
You never know, nature abhors a vacuum and all... -Jason Storm
Thanks, Keith W. McCammon Sr. Network Engineer AdvanceMed Corporation 11710 Plaza America Drive Reston, VA 20190 Phone: 703.261.4891 Fax: 703.261.5300
Current thread:
- Re: ISP Filtering (Survey of Sorts) Jason Storm (Jun 01)
- Re: ISP Filtering (Survey of Sorts) Christian Schwalm (Jun 02)
- <Possible follow-ups>
- RE: ISP Filtering (Survey of Sorts) Jason Lewis (Jun 01)
- Re: ISP Filtering (Survey of Sorts) Kath (Jun 01)
- RE: ISP Filtering (Survey of Sorts) Booth, David CWT-MSP (Jun 01)
- Re: ISP Filtering (Survey of Sorts) Joe Shaw (Jun 01)
- Re: ISP Filtering (Survey of Sorts) Nick FitzGerald (Jun 02)
- Re: ISP Filtering (Survey of Sorts) macdaddy (Jun 02)
- Re: ISP Filtering (Survey of Sorts) Jens Hektor (Jun 03)
- Re: ISP Filtering (Survey of Sorts) Brett Glass (Jun 02)