nanog mailing list archives

Re: Nato warns of strike against cyber attackers


From: Paul Ferguson <fergdawgster () gmail com>
Date: Tue, 8 Jun 2010 14:52:16 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Jun 8, 2010 at 1:30 PM, Brielle Bruns <bruns () 2mbit com> wrote:

On 6/8/10 2:12 PM, Dave Rand wrote:

It's really way, way past time for us to actually deal with compromised
computers on our networks.  Abuse desks need to have the power to filter
customers immediately on notification of activity.  We need to have
tools to
help us identify compromised customers.  We need to have policies that
actually work to help notify the customers when they are compromised.

None of this needs to be done for free.  There needs to be a "security
fee" charged _all_ customers, which would fund the abuse desk.

With more than 100,000,000 compromised computers out there, it's really
time for us to step up to the plate, and make this happen.


Problem is, there's no financial penalties for providers who ignore abuse
coming from their network.


Actually, the real problem is that if providers *don't* start doing
something to remediate abuse originating within their customer base -- and
begin policing themselves -- I don't think they will like someone else
(e.g. the gummint) forcing them to do something (which actually may be
worse).

The opportunity for providers to address this problem by policing
themselves is being overshadowed by the real possibility that the
government may step in and force them to do so, unfortunately.

$.02,

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFMDrt9q1pz9mNUZTMRAl7nAKC3hrq4Jbyq3HzOPJBrQFSDAESroACgxzPu
ZiRk4x2DQGNqPcLOn/iqDIA=
=x4JB
-----END PGP SIGNATURE-----



-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/


Current thread: