ISPs' willingness to take action

Scott Francis darkuncle at
Mon Nov 3 23:05:03 UTC 2003

On Sun, Oct 26, 2003 at 06:01:09PM -0700, kenw at said:
> I'm a little puzzled, and I hope people won't object to my asking about
> this.
> As I see it, we're experiencing an ever-increasing flood of garbage network
> traffic.  While not all of it is easy or appropriate to target, it seems to
> me there's some "low hanging fruit" that could generate serious gains with
> relatively little investment.
> A few things that make sense to me (as a non-ISP network consultant)
> include:

Some good thoughts in this thread. I think Sean is right about this being an
end-user problem, and although we _can_ mitigate that problem somewhat at
other parts of the network, that amounts to treating the symptoms rather than
the disease.

The 3 things that would do the most to help eliminate this problem (millions
of easily 0wned end-user hosts) right now are all things that lie in
Microsoft's domain:

1) enable Internet Connection Firewall by default;
2) enable automatic Windows Update patch installation by defuault; [*]
3) modify the HTML engine in Outlook/OE such that it can ONLY render HTML,
and any active content is ignored - in other words, replace MSIE as a backend
HTML rendering engine with, say, lynx. [**]

(and even if the above were all incorporated into all subsequent releases of
Windows, it might take years before the old insecure hosts were finally
replaced ...)

Nothing new to this crowd, I'm sure, but I sure wish there was a way to make
this a priority to the folks at MS, who are really the only people with the
ability to make this happen. Without their compliance, the problem will never
improve (not as long as they're as dominant as they currently are).
Scott Francis || darkuncle (at) darkuncle (dot) net
      illum oportet crescere me autem minui

[*] I'm well aware of the potential disaster were the WindowsUpdate site to
be trojaned. However, corporate IT should be updating from a single server by
the schedule of their windows admins, and for everybody else ... it couldn't
be much worse than the current state of affairs.

[**] I've given up on hoping that email will return to the plain old text it
was intended to be. I'm in the minority on that opinion, and I'm willing to
settle for HTML in email if it can be rendered in a non-harmful manner (i.e.
plain vanilla HTML only).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list