"Default" Internet Service (was: Re: Points on your Internet driver's license)

Sean Donelan sean at donelan.com
Sun Jun 13 10:31:35 UTC 2004


On Sun, 13 Jun 2004, John Curran wrote:
> I'll argue that we have don't effective methods of dealing with this today,
> and it's not the lack of abuse desk people as much as the philosophy of
> closing barn doors after the fact.   The idea that we can leave everything
> wide open for automated exploit tools, and then clean up afterwards
> manually with labor-intensive efforts is fundamentally flawed.

Selling people barn doors and barn door audits is easier than figuring
out how the rustlers are getting the horses. The problem is the horses
aren't being rustled(?) through the barn doors.  If they were, you would
expect to see a difference between barns with doors and barns without
doors.  But in practice, we see people with and without firewalls with
infected computers.  Network level controls aren't as effective as
some people hope at stopping many things.  ISPs should stop porn, ISPs
should stop music sharing, ISPs should stop viruses, ISPs should
stop <insert here>.  Yet somehow users manage to find a way around
all of them.

What are good predictors?  There aren't any great ones, but there are
some.  Can we use them effectively?

So what makes some users more likely or less likely to have infected
computers?  How do they become infected, but other users don't?  What's
different between the two groups?




More information about the NANOG mailing list