On Wed, 9 Oct 2013 09:28:38 -0400 "Moriarty, Kathleen" <kathleen.moria...@emc.com> wrote:
> But either way, the new reality seems to be that we have a demonstration that
> a set of governments want to pervasively monitor everything. And I'm sure
> there're others also trying that. And now there'll be a whole new set trying
> to join that club. So even the governments that want to monitor everyone else
> will I think soon realise that they're better off if they themselves/their
> citizens are less easy to monitor.

But that is only one of the major problems: the other is that these idiots are trying to turn the internet into a theater of war. They are actively attacking user systems, not just other state actors. I am not sure if they are actually building botnets of user machines to use as weapons, but they may be. At the least they are attacking routers to gain access for surveillance.

NSA has publicly _admitted_ to attacking over 200 systems. By their own definition, those are acts of war. By most of _our_ definitions, they are, at the least, hacking. Why should any of their packets be allowed on the public internet?

> I'm very simple: this is an attack on the network. If we treat it that way,
> and do that well, we might all win.

I heartily agree and I think this should be treated as such. All the way to the 'nuclear option', if necessary.

The threat is complex and diffuse. But consider, there is another, somewhat similar threat we have been dealing with for many years, the spam and hacker problems - and some of the specific solutions used for this have been effective. The antispam community has made community blocklists, used to block email - very effective. Now, even whole providers can find themselves in blocklists if they do not make an honest attempt to rid themselves of spammers. In the early days, I remember the Cyber Promotions era (Sanford Wallace) and that there was one backbone which decided to allow his business on it that was so heavily blocked and null-routed that it was, if not the cause, at least contributory to, its demise.

Maybe we need (voluntary) blocklists for routers, and a similar public response. 'Attack other systems, and you may find ALL your space null routed by blocklists, including nominally unrelated public sites'. Like your spy agency recruiting sites, for example.

RFX-xxxx 'Internet routers, gateways, and firewalls MUST make a good faith effort to drop packets from hosts or networks known to be deliberately attacking other hosts or networks, and SHOULD also block other packets controlled by the same entity'. Including governments.

It would be nice if all routers had a way to use the kind of blocklists commonly used in email programs (in MTAs). Because of the amount of spam and hacking that comes from Chinese space, I regularly just block ALL their space, unless there is a business or other good reason not to. This is on -small- business systems, of course. But there are a LOT of those. A lot more than there are large Google sized systems - people forget this. If I had a good blocklist for NSA space, GCHQ space, and other defense space, right now I would block it all too, for the same reasons. It's just self defense.

We have one advantage over the bad guys, which, if we can find good ways to use it, will ensure we can win: we outnumber them many, many times over. Blocklists are effective because many, many systems voluntarily use them. Nobody -mandated- that, but a mechanism was found to make it -easier-.

Yeah, I am a little angry... ;-)

I probably shouldn't write stuff to this list after I have been up all night.

-Mike

_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass