Points on your Internet driver's license

Randy Bush randy at psg.com
Sun Jun 13 19:15:29 UTC 2004


> My inbox overflows with complaints about the analogy

and, undoubtedly, you think your isp should block that traffic.
:-)/2

> Hopefully, the appliances (e.g. MS Windows) will get better
> over time, but in the meanwhile, how do we limit the damage?

> If user education is the answer, then let the user get
> educated enough to figure out he's NAT'ed and proxied, and
> then ask to have the raw IP service.

how is the user going to know the brokenness you net vigilantes
propose to impose from the brokenness the other miscreants
impose?  

tell us, john, when you were at xo and gt&e, how much did you
educate your users as to the perils of running open; how
much education and notification did you give them about
applying security patches; ...?  perhaps before we screw 'em we
could give 'em a bit of sex ed?

just to bore you, i'll repeat a bit from a couple of days ago.

randy

---

From: Randy Bush <randy at psg.com>
Date: Fri, 11 Jun 2004 16:37:27 -0700
To: Henry Linneweh <hrlinneweh at sbcglobal.net>
Cc: nanog at merit.edu
Subject: RE: Even you can be hacked

yes, we're gonna hack desperately for a decade to make up for
asecure (innocent of, as contrasted with devoid of, security)
application protocols and implementations.  it'll take half
that time for the ivtf and the vendors to realize how deeply
complexity is our enemy.  and until then we'll hack everywhere
in our desperation.

but in the long run, i don't think we can win with an active
middle.

the problem is that the difference between good traffic and
bad traffic is intent.  did the sender intend to send / reveal
those data?  did the recipient wish to receive them?

and, i don't think we can stand in the middle and judge.  and
there's the rub.

...



