Stupid Question: Network Abuse RFC?

• Previous message (by thread): Stupid Question: Network Abuse RFC?
• Next message (by thread): [Fwd: Unstable BGP Peerings?]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 14 Jan 2008, Paul Ferguson wrote:
> Instead of being an apologist for the problem, how would _you_
> suggest we address these process, procedural, and organizational
> issues?

If you look in the archives, in the past I've listed the things
that seem to be needed for those organizations to succeed.

Over the years, I've worked with people to launch new groups, such as 
ISP-ISAC, INOC-DBA, NSP-SEC, GIAIS and a few more.  Some more sucessful 
than others. Some won't admit me as a member anymore :-)

What are you trying to do?

Look at old security incident groups like CERT/CC, FIRST, NRIC and NSIE 
that have been around since the late 1980's/early 1990's.

Look at the middle-age groups like BORG, CIX, IOPS, ISPSEC, LINX, NANOG 
and RIPE.  And a bunch of temporary Y2K groups.

Look at the new groups like APWG, DA/MWP/etc, DDOS-WG, GIAIS/MVI/VIA/SCP/MSSA,
MAAWG, NSP-SEC, SECSAC/RSSAC, lots of *-ISACs.

I left out the academic or government only groups, there are soo many.

If you want to share information, there are lots of ways to do it.
Information does tend to move between the groups, unless you explicitly
say don't share the information.  The government folks are convinced
that industry leaks, while the industry folks are convinced that 
government leaks.

If you want to get people in a room so you can yell at them about the
lousy job they are doing, that's less useful.

Of course, in a few weeks, someone else will probably be yelling about
ISPs interfering with their right to do something or other.

• Previous message (by thread): Stupid Question: Network Abuse RFC?
• Next message (by thread): [Fwd: Unstable BGP Peerings?]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]