nanog mailing list archives
Question concerning authoritative bodies.
From: "Jack Bates" <jbates () brightok net>
Date: Sun, 9 Mar 2003 11:50:04 -0600
Here's the background:
From: "Rich Kulawiec" on Spam-L mailing list
On Sun, Mar 09, 2003 at 10:58:18AM -0600, Jack Bates wrote:
And this is what makes DNSBLs a good deal. Mark is asking for trouble with his theories. If every ISP and business issues its own scans, we only succeed in making scanning traffic worse than spam itself at a server resource level. We also increase the administration factor when mistakes are made. Instead of contacting 3-5 DNSBLs, one must contact every ISP that happened to do a scan during the outage period. Centralizing scanning for security issues is a good thing in every way. It is the responsible thing to do.
I must reluctantly agree. (The reluctance stems from my desire not to intrude on others' networks. However, it's been overcome by the reluctance to be abused by those networks.) Centralized, or quasi-centralized, scanning with appropriate safeguards (to minimize frequency) and appropriate assignment of responsibility, beats the heck out of having thousands of independent entities repeating the same scans and thus adding to the collective misery. If we agree on this (and I don't know that we all do) then the debate shifts to "who?" and "how?".
So I'm curious what people think. We have semi-centralized various things in the past such as IP assignments and our beloved DNS root servers. Would it not also make sense to handle common security checks in a similar manner? In creating an authority to handle this, we cut back on the amount of noise issued. I bring this up because the noise is getting louder. More and more networks are issuing their own relay and proxy checks. At this rate, in a few years, we'll see more damage done to server resources by scanners than we do from spam and those who would exploit such vulnerabilities. I know that this is more service level than network level, except that the arguments continue to escalate over the rights of people to scan a network. These arguments would be diminished if an authoritative body handled it in a proper manner. At what point do we as a community decide that something needs to be done? Would it not be better to have a single test suite run against a server once every six months than the constant bombardment we see now?
-Jack