Security Incidents mailing list archives

Re: ISP Filtering (Survey of Sorts)


From: Jason Storm <sec () orgone negation net>
Date: Thu, 31 May 2001 22:31:44 -0700 (PDT)

A few questions:

1) Does anyone know of a list of known security-conscious ISPs (for larger
corporate circuits) that are known for providing basic security services
(ingress/egress filters, RFC1918's, and client-specific filter requests) to
customers without hassle?

Ok first off; NANOG would be an excellent place to ask this.  That said,
here is my feedback:

Colocation or T1/DSL/etc?

Colo providers tend to have a lot more resources available for the above
configurations, and as the market is relatively cut-throat, will go the
extra mile to sell you some blanket security policy, providing your
salesperson isn't a whoring shill who will make any promise to get your
signature without the faintest interest in what resources are actually
available.

T1 and up providers don't get their hands dirty with client-specific router
configuration for the same reasons that consultants get paid Big
Money: it requires a lot of work and generally speaking, an ongoing degree
of effort.  


2) Does anyone else have an ISP that, by policy, will not filter upstream?

Very few ISPs do filters; in fact I don't know of any who will without
a specific attack taking place (and even then, oye...).

Same logic as above.  Honestly I'd be skeptical of any ISP that tried to
tell me they were going to take a client-by-client approach to configuring
ACLs etc.  The resources that would require would impose a cost overhead
that would look Wrong on paper from any angle, at any period in history,
in this empire or any other.

Just curious if there are greener pastures...

You never know, nature abhors a vacuum and all...


-Jason Storm


Thanks,

Keith W. McCammon
Sr. Network Engineer
AdvanceMed Corporation
11710 Plaza America Drive
Reston, VA 20190
Phone: 703.261.4891
Fax: 703.261.5300


