The Internet's Immune System

Paul Vixie vixie at vix.com
Thu Nov 13 00:37:00 UTC 2003


here's what i learned about a white-hat registry.  nobody cares.  this is
perceived as an assymetric benefit, where the costs (even if there's no
money, there's still effort in registering initial and new address space
or AS#'s or whatever) are borne by the network owner and the benefits are
felt by victims of various forms of abuse (spam, ddos, virus, whatever.)

now, anyone who thinks this through will realize that the benefit is NOT
assymetric.  this is a tide (storm) that can lift (destroy) all boats.  a
network owner who deals swiftly with abuse becomes an anathema for abusers
and thus has lower overall abuse costs.  and a network of network-owners
who all behaved that way would make abuse rare enough to be worth tracking
again.

however, from a marketing/perception standpoint, the benefit appears to
be assymetric, and in this economy, network owners don't feel generous.
so the first task isn't upgrading incidents.org or mail-abuse.org to 
handle white-hat network owner registration, but rather, convincing
network owners that it's in their own selfish best interests to receive
rapid and reliable complaints when abuse comes from/through their customer.

and frankly, if that were possible, the [email protected]${MOST_ISPS} would not be
a blackhole with robothanks at the door.  so, i'm not hopeful that the
internet's immune system is simply in need of better incident reporting.
we need a "sea change" in network-owner attitudes.  if you're feeling
holier than thou for any reason, find out if your peering agreements
require your peers to permanently disconnect repeat abuse sources, and
to temporarily disconnect first time abuse sources.  assuming that $YOU
do these things, but that $YOUR_PEERS do not, then what have you really
accomplished?
-- 
Paul Vixie



More information about the NANOG mailing list