nanog mailing list archives
Re: Schneier: ISPs should bear security burden
From: Dan Hollis <goemon () anime net>
Date: Thu, 28 Apr 2005 02:07:15 -0700 (PDT)
On Thu, 28 Apr 2005, Iljitsch van Beijnum wrote:
The problem is that the maliciousness of packets or email is largely in the eye of the beholder. How do you propose ISPs determine which packets the receiver wants to receive, and which they don't want to receive? (At Mpps rates, of course.)
Its not up to the ISP to determine outbound malicious traffic, but its up to the ISP to respond in a timely manner to complaints. Many (most?) do not.
There are many ISPs that do less than they should, though. (Allow spoofed sources, don't do anything against hosts that are reported to send clearly abusive traffic, sometimes even at DoS rates...)
This is what I mean by the environmental polluter model. Providers who continually spew sewage and do nothing to shut off attackers under their domain despite repeated pleas from victims. An paper by Jeffrey Race - http://www.camblab.com/nugget/spam_03.pdf was written about the spam problem, but touches on fraud and other malicious activity. The general attitude in the paper regarding provider's responses to spam complaints also applies to ddos and other attacks. It's also interesting to note where Mr. Ebbers is today. Has the situation gotten better? Maybe at uunet it has since mr. ebbers "departure", but most other places it appears to only have gotten worse[1]. Bigpond let things get so out of hand that their own network began to crumble, which is the only time I can think of in recent history that they've ever taken action to disconnect zombies. You can be certain the victims on the receiving end of bigpond's zombied customers have little sympathy for bigpond's situation. Remember, this is the ISP whos abuse@ box auto-deleted complaints for "unacceptable language". When you're so bad that AOL has to block you[2], you should probably consider cleaning up your network. Sadly these official policies of 'do nothing' come from the top, so engineers and administrators who are in a position to actually take action against blatant network abuse, are actually explicitly forbidden to take any action. So the real question seems to be how to effectively apply a cluebat to CEOs to get a reasonable abuse policy enforced. Nanog can host all the meetings it wants and members can write all the RFCs they want, but until attitudes change at the top, nobody will be allowed to do anything at the bottom. -Dan [1] http://sucs.org/~sits/articles/ntl_dont_care/ [2] http://www.smh.com.au/articles/2003/04/29/1051381931239.html?oneclick=true
Current thread:
- Re: Schneier: ISPs should bear security burden, (continued)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Michael . Dillon (Apr 27)
- Message not available
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Dan Hollis (Apr 27)
- Re: Schneier: ISPs should bear security burden Daniel Roesen (Apr 27)
- Re: Schneier: ISPs should bear security burden Petri Helenius (Apr 27)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Dan Hollis (Apr 27)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Iljitsch van Beijnum (Apr 28)
- Re: Schneier: ISPs should bear security burden Dan Hollis (Apr 28)
- Re: Schneier: ISPs should bear security burden Adi Linden (Apr 28)
- Re: Schneier: ISPs should bear security burden Petri Helenius (Apr 28)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 28)
- Re: Schneier: ISPs should bear security burden Barry Shein (Apr 29)
- Re: Schneier: ISPs should bear security burden James Baldwin (Apr 27)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Adi Linden (Apr 28)
- Re: Schneier: ISPs should bear security burden Iljitsch van Beijnum (Apr 28)
- Re: Schneier: ISPs should bear security burden Adi Linden (Apr 28)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 28)