nanog mailing list archives
Re: ISPs not liable for hostile code sent between users
From: "Jack Bates" <jbates () brightok net>
Date: Thu, 23 Jan 2003 18:15:46 -0600
On Tue, 21 Jan 2003, todd glassey wrote:
Vadim - the instant someone sues a Provider for sexual harassment from
their
spam epidemic you will start to see things change. The reason that No-Sane provider will block these ports or services is because they have been listening to their Network Admins too long, and in fact the problem is
that
they are not sane providers. What they are, and this is pretty much true
Actually, most provider won't block ports due to service contracts with customers. Mail filters easily allow for exceptions to the rule. However, IP layer filters do not allow such exceptions without extensive overhead. Is a rural ISP that is forced to use older routers for modem banks to deal with rural telco issues required to run an authentication method that allows per user filtering despite the fact that such methods seriously inhibit the performance of the modem bank? Or should such a provider block specific IP ranges or ports at a global level despite the fact their clients actually use the valid services registered to those ports? It is not the responsibility of the provider to secure the individual's machines. The provider's responsibility is to the network as a whole. We designed a stupid network so that interoperability would be optimal. The second you start building smart networks, you have conflicts. Look at the caching engines of today. There is not a single cache mechanism that is guaranteed to work with 100% of the content its designed to cache. Another example would be the recent 69/8 issues; Smart networks trying to protect themselves and damaging legitimate traffic in the process. Jack Bates Network Engineer BrightNet Oklahoma
Current thread:
- Re: OT: FW: Re: Is there a line of defense against Distributed Reflective attacks?, (continued)
- Re: OT: FW: Re: Is there a line of defense against Distributed Reflective attacks? Chris Parker (Jan 22)
- Re: OT: FW: Re: Is there a line of defense against Distributed Reflective attacks? Scott Granados (Jan 22)
- OT: Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Petri Helenius (Jan 22)
- Re: OT: Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Marshall Eubanks (Jan 22)
- Re: OT: Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Petri Helenius (Jan 23)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Vijay Gill (Jan 22)
- Re: Streaming Video Bandwidth Requirements, WAS: FW: Re: Is there a line of defense against Distributed Reflective attacks? Numetra (Jan 24)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Damian Gerow (Jan 22)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Damian Gerow (Jan 22)
- ISPs not liable for hostile code sent between users Sean Donelan (Jan 23)
- Re: ISPs not liable for hostile code sent between users Jack Bates (Jan 23)
- Re: Is there a line of defense against Distributed Reflective attacks? Sean Donelan (Jan 18)
- Re: Is there a line of defense against Distributed Reflective attacks? E.B. Dreger (Jan 18)
- Re: Is there a line of defense against Distributed Reflective attacks? Sean Donelan (Jan 19)
- RE: Is there a line of defense against Distributed Reflective attacks? Deepak Jain (Jan 19)
- Re: Is there a line of defense against Distributed Reflective attacks? David G. Andersen (Jan 19)
- RE: Is there a line of defense against Distributed Reflective attacks? Deepak Jain (Jan 19)
- Re: Is there a line of defense against Distributed Reflective attacks? David Howe (Jan 20)
- OT: Is there a line of defense against Distributed Reflective attacks? Al Rowland (Jan 20)