Schneier: ISPs should bear security burden
Steve Sobol
sjsobol at JustThe.net
Thu Apr 28 01:48:19 UTC 2005
Bill Stewart wrote:
> You could solve 90% of the problems that you perceive are being caused
> by unrestricted
> cable modem users by using blocklists to ignore traffic from them.
Which would be great if cable/DSL providers offered some insight into which of
their netblocks should be blocked and which shouldn't, but that generally isn't
the case, so by blocking a certain ip or /24 or whatever, I don't know if I'm
blocking customers whose TOS allows them to run servers, or even perhaps
blocking Internet-facing servers run by the provider.
(Aside from other valid issues mentioned in a reply that apparently hasn't hit
nanog yet)
> As somebody who picked a DSL provider specifically because it allows me to
> run any kind of server I want
What's rDNS for the ip address(es) assigned to you?
> I'm not highly in favor of blocking
> traffic from broadband users
> and killing the end-to-end principle that makes the Internet work,
I'm not in favor of mindless blocking of entire netblocks that may contain
stuff that should not be blocked, but broadband providers are notorious for
(e.g.) lumping residential customers that can be blocked, with no collateral
damage, in the same netblocks as business customers who need to run Internet
facing servers, and (e.g.) not providing an easy way to differentiate between
the two classes of customer in the first place.
--
JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638)
Steven J. Sobol, Geek In Charge / sjsobol at JustThe.net / PGP: 0xE3AE35ED
"The wisdom of a fool won't set you free"
--New Order, "Bizarre Love Triangle"
More information about the NANOG
mailing list