Security Incidents mailing list archives

RE:Nimda et.al. versus ISP responsibility ---> a few thoughts

From: Kee Hinckley <nazgul () somewhere com>
Date: Thu, 27 Sep 2001 16:33:09 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 11:34 AM -0700 9/27/01, Marc Ducharme wrote:

I also think that ISPs could react to protect their clients when worm
spreads. Adding a few lines to their routers to block a worm's profile
should not be a big deal.


Blocking ports to/from all machines inside an ISP network is simple.
Blocking ports to/from some machines inside an ISP network probably 
requires new software/hardware.
Blocking *content* to/from any machines inside an ISP network is a 
huge hit on performance and resources.  The difference in 
software/hardware required to route a packet vs. examine the packet 
is huge.
- -- 

Kee Hinckley - Somewhere.Com, LLC
http://consulting.somewhere.com/
nazgul () somewhere com (or ...!alice!nazgul for time travelers :-)

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQA/AwUBO7OOPCZsPfdw+r2CEQLPJgCdHXVo6nXBKr0pPRqHs8ERDJ+8pwQAoOAZ
Kz291i2KOfJeQkv8JPZGbmjK
=XDFf
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

RE:Nimda et.al. versus ISP responsibility ---> a few thoughts Marc Ducharme (Sep 27)
- RE:Nimda et.al. versus ISP responsibility ---> a few thoughts Kee Hinckley (Sep 27)
- <Possible follow-ups>
- RE:Nimda et.al. versus ISP responsibility ---> a few thoughts Bill_Royds (Sep 27)
- RE: Nimda et.al. versus ISP responsibility ---> a few thoughts Alejandro Mezcua (Sep 27)