ICANNs role [was: Re: On-going ...]
Matthew Crocker
matthew at crocker.com
Tue Apr 3 14:01:15 UTC 2007
> Seriously though- why do we keep blaming the infrastructure for the
> mind boggling stupidity of users?
There will always be users that don't understand technology. You
call them stupid, I call them mom & dad, brother & sister. If you
maintain the attitude that it is the 'stupid' users fault the
Internet is insecure then you will never see a secure Internet. The
Infrastructure must be able to protect itself from its users. It
isn't that hard to throw a outbound port 25 filter on your edge and
force all of your users to send mail through your mail server. It
isn't that hard to require SMTP_AUTH for all mail transactions on
that server. It also isn't that hard to deploy a snort box to look
for 'bad' traffic and kick the users PPPoE session offline.
We need a 'drivers license' for the 'information super highway'
companies/ISPs must be able to show a certain level of competency
before they can buy bandwidth from the 'Internet'. If they don't
have that competency then they need to purchase it from an ISP that
can provide the competency. It is the ISPs job to protect the
network from its users (IMHO).
If it really concerns you, protect your corner of the IP world, run
an IDS find the 'bad' traffic and dynamically update your BGP
sessions to null route the ASNs you don't feel 'do the right thing'.
If you get good enough at it maybe you could publish a eBGP feed of
the 'ASNs I don't like' and people can subscribe to it. Sure there
will be some pain, but when you swing a big axe, there is bound to be
some blood.
-Matt
--
Matthew S. Crocker
President
Crocker Communications, Inc.
Internet Division
PO BOX 710
Greenfield, MA 01302-0710
http://www.crocker.com
More information about the NANOG
mailing list