On-going Internet Emergency and Domain Names (kill this thread)

Mikael Abrahamsson swmike at swm.pp.se
Sun Apr 1 06:25:49 UTC 2007


On Sat, 31 Mar 2007, Jeff Shultz wrote:

> Does that sound about right?

If ISPs cannot be forced into running a 24/7/365 response function, I 
don't see the registry/registrars doing it.

Solving this at the DNS level is just silly; if you want to solve it, 
either you get to the core (block IP access, perhaps by BGP blacklisting) 
or go to level 8, i.e. the human level, and get these infected machines off 
the net permanently.

So Gadi, to accomplish what you want you need to propose to the ISPs all 
over the net that what you're trying to do is so important that some 
entity publishing a realtime blacklist is important enough that all major 
ISPs should subscribe to a BGP blackhole list from there. Also that this 
is important enough to seriously violate the distributed structure of the 
net today that has made it into the raging success it is today. It's not 
perfect, but it works, and it doesn't have a single point of failure.

... and people have very bad experiences from blacklists not being 
maintained properly.

-- 
Mikael Abrahamsson email: swmike at swm.pp.se



