Bugtraq mailing list archives

"Association of Responsible Internet Providers"?


From: david () FASTOLFE NET (David Nesting)
Date: Tue, 15 Feb 2000 14:58:37 -0600


With all of the focus on DDoS attacks lately, complaints of poor contact
availability, etc., I began thinking again about an idea I had.  If this
has been attempted before (and apparently failed), my apologies, but it
seems like this could be workable and desirable.

Let's say we create a non-profit organization ("Association of Responsible
Internet Providers", for example), and loosely certify ISP's and other
access providers (including companies and universities -- anyone that
provides 'Net access to a group of people) as being "responsible" in
that they have working, 24-hour emergency contacts, have taken steps to
eliminate or curb abuse of their services (such as filtering), and perhaps
any of a dozen other conditions that one might assume any "responsible"
provider will comply with (including, say, a public anti-spam policy and
an aggressive policy to ensure exposed systems are up to date with patches
and security fixes).  Any member of this organization presumably would
have taken all necessary steps to ensure that they will be cooperative and
available for investigations (such as spoofed IP tracing), and generally
will make every effort to place the good of the Internet first.

If we can publicize the organization, and get it through to customers
and ISP's alike that such a certification is desirable, people will
begin demanding that their own providers be members.

Would there be any interest in such an organization?

Dues, if any, would be just enough to keep a modest staff (volunteers
at first?) up with applications and periodic compliancy checks where
possible.  We'd also need to figure out what precisely would be required
of members, keeping in mind that some conditions could change in a
relatively small amount of time as new types of Internet threats evolve.

It's been suggested that lesser ISP's with little funds to spare for
extras like security and responsibility will be unable to comply with
terms like these.  Would it be fair to prevent them from joining such
an organization?  I personally think it would be quite fair, but it's
an issue that might need a bit of further probing.

Comments?

David

--
 == David Nesting WL7RO Fastolfe david () fastolfe net http://fastolfe.net/ ==


