Re: Schneier: ISPs should bear security burden

2005-05-02 Thread Valdis . Kletnieks
On Mon, 02 May 2005 13:16:40 EDT, Joe Maimon said: > That's not quite what I was asking. Would you not have preferred being > able to do all the above simply by being able to assume that all these > "dialup" systems would not have any RDNS? Not having any RDNS would help, but... > Given a choic

Re: Schneier: ISPs should bear security burden

2005-05-02 Thread Steven Champeon
on Mon, May 02, 2005 at 01:16:40PM -0400, Joe Maimon wrote: > Steven Champeon wrote: > >on Sun, May 01, 2005 at 10:40:21PM -0400, Joe Maimon wrote: > > > >>What does the rest of the internet gain when all IPs have boilerplate > >>reverse DNS setup for them, especially with all these wildly differi

Re: Schneier: ISPs should bear security burden

2005-05-02 Thread Joe Maimon
Steven Champeon wrote: on Sun, May 01, 2005 at 10:40:21PM -0400, Joe Maimon wrote: What does the rest of the internet gain when all IPs have boilerplate reverse DNS setup for them, especially with all these wildly differing and wacky naming "conventions"? I don't care what the rest of the Intern

Re: Schneier: ISPs should bear security burden

2005-05-02 Thread Paul Vixie
i wrote: > >see http://www.isc.org/personalcolo/ for the longer version of this rant, and clearly my espresso hadn't hit yet, because that was wrong. someone said: > Hey Paul, > > FYI, that link doesn't work. :) and of course, the real link is . sorry!

Re: Schneier: ISPs should bear security burden

2005-05-02 Thread Steven Champeon
on Sun, May 01, 2005 at 10:40:21PM -0400, Joe Maimon wrote: > What does the rest of the internet gain when all IPs have boilerplate > reverse DNS setup for them, especially with all these wildly differing > and wacky naming "conventions"? I don't care what the rest of the Internet gains, but I c

Re: Schneier: ISPs should bear security burden

2005-05-02 Thread Paul Vixie
[EMAIL PROTECTED] (Mark Andrews) writes: > By continuing to lump filtered and unfiltered addresses together > you are throwing out the baby with the bath water. the smtp protocol was designed in a time when ~Mbit/sec connections did not yet exist, and ~10Kbit/sec connections cost man

Re: Schneier: ISPs should bear security burden

2005-05-02 Thread Suresh Ramasubramanian
On 5/2/05, Joe Maimon <[EMAIL PROTECTED]> wrote: > > Isn't it a much simpler world where simply having rDNS lends the > assumption of a supported "static" system as opposed to none? > yup, like ppp-12345.townname.dialup.example.com -- Suresh Ramasubramanian ([EMAIL PROTECTED])

Re: Schneier: ISPs should bear security burden

2005-05-01 Thread Joe Maimon
Nicholas Suan wrote: Suresh Ramasubramanian wrote: On 4/30/05, Steven Champeon <[EMAIL PROTECTED]> wrote: ANantes-106-1-5-107.w193-251.abo.wanadoo.fr You'll see 'abo' for 'cable', perhaps? as well as 'cable'. But for most abo = short for "abonnement", that is, "subscription" / "subscriber" Just

Re: Schneier: ISPs should bear security burden

2005-05-01 Thread Mark Andrews
In article <[EMAIL PROTECTED]> you write: > >[In the message entitled "Re: Schneier: ISPs should bear security >burden" on May 1, 12:25, "Jay R. Ashworth" writes:] >> Ok, so here's a question for you, Dave: >> >> do you have a proce

Re: Schneier: ISPs should bear security burden

2005-05-01 Thread Valdis . Kletnieks
On Sun, 01 May 2005 21:23:11 +0200, Brad Knowles said: > At 1:07 PM -0400 2005-05-01, [EMAIL PROTECTED] wrote: > > > I don't think *anybody* seriously expects the bus company to deny passage to > > people who happen to be burglars using public transportation to get to their > > next work site

Re: Schneier: ISPs should bear security burden

2005-05-01 Thread Dave Rand
[In the message entitled "Re: Schneier: ISPs should bear security burden" on May 1, 12:25, "Jay R. Ashworth" writes:] > Ok, so here's a question for you, Dave: > > do you have a procedure for entertaining requests to be excluded from > your replies from pe

Re: Schneier: ISPs should bear security burden

2005-05-01 Thread Valdis . Kletnieks
On Sun, 01 May 2005 12:23:43 EDT, "Jay R. Ashworth" said: > The street is the transit providers. > > Road Runner is the car. (Well, *bus*, actually :-). > > If I put my kid on the bus, yes, I expect it to protect him. Small but important correction here: We expect the bus company to protect t

Re: Schneier: ISPs should bear security burden

2005-05-01 Thread Jay R. Ashworth
On Fri, Apr 29, 2005 at 02:07:17AM -0700, Dave Rand wrote: > Dunno what a ton of ISP buy-in is, but the MAPS DUL now contains about > 190,000,000 entries. We've been working on it very hard for the last year or > two. Most ISP-level subscribers figure it stops a pretty large percentage of > the

Re: Schneier: ISPs should bear security burden

2005-05-01 Thread Jay R. Ashworth
On Thu, Apr 28, 2005 at 05:01:42PM -0500, John Dupuy wrote: > If one is going to use the car analogy, then the ISP is the street, not the > car. The car is the user's computer or customer premise equipment. Streets > do not have airbags. (Though that is an interesting concept.) At best, > stree

Re: Schneier: ISPs should bear security burden

2005-05-01 Thread Jay R. Ashworth
On Thu, Apr 28, 2005 at 03:13:06PM -0700, Owen DeLong wrote: > Your statement that their price point is lower is absurd. It costs money > to put filters in place. It doesn't cost money to not filter, except to > the extent that irresponsible actions which filtration would prevent are > not block

Re: Schneier: ISPs should bear security burden

2005-05-01 Thread Jay R. Ashworth
On Thu, Apr 28, 2005 at 08:03:57AM -0500, Olsen, Jason wrote: > > You must not have used it much in those 20 years. I can > > definitely say worms, trojans, spam, phishing, ddos, and > > other attacks is up several orders of magnitude in those 20 > > years. > > The userbase has also increased

Re: Schneier: ISPs should bear security burden

2005-05-01 Thread Jay R. Ashworth
On Wed, Apr 27, 2005 at 12:56:00PM -0700, Owen DeLong wrote: > Not only do I not know this, I find it to be patently false. Yes, I think > a high percentage of users is too ignorant to know what they need or how > to get it. However, protecting them from that ignorance only propagates > and perp

Re: Schneier: ISPs should bear security burden

2005-05-01 Thread Jay R. Ashworth
On Wed, Apr 27, 2005 at 08:06:51AM -0400, Greg Boehnlein wrote: > On Wed, 27 Apr 2005, Fergie (Paul Ferguson) wrote: > > I've been there -- I know how I feel about it -- but I'd love > > to know how ISP operations folk feel about this. > > Of course Bruce Schneier is going to allocate ISP's hand

Re: Schneier: ISPs should bear security burden

2005-05-01 Thread Jay R. Ashworth
On Wed, Apr 27, 2005 at 09:25:55AM -0400, Edward Lewis wrote: > It would be nice if the ISPs protected me from bad stuff on the > Internet - but why are they to be held to a higher standard than > similar services? Have we drifted? I thought the topic was "tragedy of the commons", not "protect

Re: Schneier: ISPs should bear security burden

2005-04-30 Thread Suresh Ramasubramanian
On 4/27/05, Jerry Pasker <[EMAIL PROTECTED]> wrote: > It means 10 different things to 10 different people. The article was > vague. "Security" could mean blocking a few ports, simple Proxy/NAT, > blocking port 25 (or 139... or 53.. heh heh) or a thousand different > things. There is a market fo

Re: Schneier: ISPs should bear security burden

2005-04-30 Thread Suresh Ramasubramanian
On 5/1/05, Robert M. Enger <[EMAIL PROTECTED]> wrote: > It's not a buck a meg. > > There should be a little money in their model to > provide guidance and/or software to the consumer. > Hopefully enough to fund an aggressive abuse department. Both things that any provider who hands fat pipes to

Re: Schneier: ISPs should bear security burden

2005-04-30 Thread Robert M. Enger
It's not a buck a meg. 15/2 service is about $45/month: over $3/Mbps downstream over $22/Mbps for the upstream 30/5 service is almost $200/month: over $6/Mbps downstream about $40/Mbps for the upstream There should be a little money in their model to pro

Re: Schneier: ISPs should bear security burden

2005-04-30 Thread Jay R. Ashworth
On Wed, Apr 27, 2005 at 03:07:47AM -0700, Owen DeLong wrote: > > Sound about right? > No, not at all. > > I'm not advocating a wild west every man for himself, but, I think that > solving end-node oriented problems at the transport layer is equally > absurd. > > It's like expecting to be able to

Re: Schneier: ISPs should bear security burden

2005-04-30 Thread Nicholas Suan
Suresh Ramasubramanian wrote: On 4/30/05, Steven Champeon <[EMAIL PROTECTED]> wrote: ANantes-106-1-5-107.w193-251.abo.wanadoo.fr You'll see 'abo' for 'cable', perhaps? as well as 'cable'. But for most abo = short for "abonnement", that is, "subscription" / "subscriber" Just means it's a pool of IP

Re: Schneier: ISPs should bear security burden

2005-04-29 Thread Steven Champeon
on Sat, Apr 30, 2005 at 07:41:34AM +0530, Suresh Ramasubramanian wrote: > > On 4/30/05, Steven Champeon <[EMAIL PROTECTED]> wrote: > > > ANantes-106-1-5-107.w193-251.abo.wanadoo.fr > > > > You'll see 'abo' for 'cable', perhaps? as well as 'cable'. But for most > > abo = short for "abonnement",

Re: Schneier: ISPs should bear security burden

2005-04-29 Thread Suresh Ramasubramanian
On 4/30/05, Steven Champeon <[EMAIL PROTECTED]> wrote: > ANantes-106-1-5-107.w193-251.abo.wanadoo.fr > > You'll see 'abo' for 'cable', perhaps? as well as 'cable'. But for most abo = short for "abonnement", that is, "subscription" / "subscriber" Just means it's a pool of IPs assigned to users, I

RE: Schneier: ISPs should bear security burden

2005-04-29 Thread Dave Rand
[In the message entitled "RE: Schneier: ISPs should bear security burden" on Apr 29, 15:32, "Miller, Mark" writes:] > > Unfortunately, a lot of static "business" DSL IP space is still on > those lists and legitimate mail servers can get blocked. I usu

Re: Schneier: ISPs should bear security burden

2005-04-29 Thread Mark Andrews
In article <[EMAIL PROTECTED]> you write: > >On Fri, 29 Apr 2005, Miller, Mark wrote: > >> Unfortunately, a lot of static "business" DSL IP space is still on >> those lists and legitimate mail servers can get blocked. I usually use >> the DUL as a "white list" to negate hits on the traditional dn

RE: Schneier: ISPs should bear security burden

2005-04-29 Thread Miller, Mark
large part) driven by routing efficiency. - Mark -Original Message- From: Steven J. Sobol [mailto:[EMAIL PROTECTED] Sent: Friday, April 29, 2005 4:40 PM To: Miller, Mark Cc: nanog@merit.edu Subject: RE: Schneier: ISPs should bear security burden On Fri, 29 Apr 2005, Miller, Mark wrote

RE: Schneier: ISPs should bear security burden

2005-04-29 Thread Steven J. Sobol
On Fri, 29 Apr 2005, Miller, Mark wrote: > Unfortunately, a lot of static "business" DSL IP space is still on > those lists and legitimate mail servers can get blocked. I usually use > the DUL as a "white list" to negate hits on the traditional dnsbls since > those are almost always stale. Tha

RE: Schneier: ISPs should bear security burden

2005-04-29 Thread Miller, Mark
ge- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Rand Sent: Friday, April 29, 2005 4:07 AM To: Steve Sobol; Mark Newton Cc: Owen DeLong; Bill Stewart; North American Networking and Offtopic Gripes List Subject: Re: Schneier: ISPs should bear security burden [In the

Re: Schneier: ISPs should bear security burden

2005-04-29 Thread Dave Rand
[In the message entitled "Re: Schneier: ISPs should bear security burden" on Apr 29, 17:23, "Steven J. Sobol" writes:] > On Fri, 29 Apr 2005, Dave Rand wrote: > > > Dunno what a ton of ISP buy-in is, but the MAPS DUL now contains about > > 190,000,000 e

Re: Schneier: ISPs should bear security burden

2005-04-29 Thread Steven J. Sobol
On Fri, 29 Apr 2005, Dave Rand wrote: > Dunno what a ton of ISP buy-in is, but the MAPS DUL now contains about > 190,000,000 entries. We've been working on it very hard for the last year or > two. Most ISP-level subscribers figure it stops a pretty large percentage of > the compromised-home-co

Re: Schneier: ISPs should bear security burden

2005-04-29 Thread Steven Champeon
on Thu, Apr 28, 2005 at 10:20:37AM -0400, Steve Sobol wrote: > > Mark Newton <[EMAIL PROTECTED]> wrote: > > > On Thu, Apr 28, 2005 at 02:16:36AM -0400, Steven J. Sobol wrote: > > > > > Any IP that a provider allows servers on should have > > > distinctive, non-dynamic-looking DNS (and prefer

Re: Schneier: ISPs should bear security burden

2005-04-29 Thread Barry Shein
On April 28, 2005 at 09:09 [EMAIL PROTECTED] (Adi Linden) wrote: > > It's not up to the ISP to determine outbound malicious traffic, but it's up > > to the ISP to respond in a timely manner to complaints. Many (most?) do > > not. > > If they did their support costs would explode. It is block

Re: Schneier: ISPs should bear security burden

2005-04-29 Thread Steven Champeon
on Thu, Apr 28, 2005 at 04:38:00PM +0930, Mark Newton wrote: > > On Thu, Apr 28, 2005 at 02:16:36AM -0400, Steven J. Sobol wrote: > > > Any IP that a provider allows servers on should have > > distinctive, non-dynamic-looking DNS (and preferably be in a separate > > netblock from the dynami

Re: Schneier: ISPs should bear security burden

2005-04-29 Thread Jay R. Ashworth
On Tue, Apr 26, 2005 at 10:38:00PM -0700, Owen DeLong wrote: > I think it's absurd. I expect my water delivery company not to add > pollutants in transit. I expect my water production company to provide > clean water. Water delivery is unidirectional, otherwise water utilities would in fact have

Re: Schneier: ISPs should bear security burden

2005-04-29 Thread Dave Rand
[In the message entitled "Re: Schneier: ISPs should bear security burden" on Apr 28, 10:20, "Steve Sobol" writes:] > There are some basic rules of thumb you can use. The problem is that they're > not guaranteed to work. The best solution was created years ago (Go

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Owen DeLong
> In my own opinion, I would not expect a transit provider to filter > anything other than my BGP announcements. However, I would expect my ISP > to filter a possible worm infection port(s), as it would completely > saturate my lowly-end-user datapipe if they did not, making network > access worthl

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread william(at)elan.net
On Thu, 28 Apr 2005, John Dupuy wrote: But this analogy breaks down on so many levels, so I recommend not using it. The street system is a government controlled monopoly and...well let's not use this analogy. If you really want some analogy for Internet independent of the telecom sector or gover

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Owen DeLong
--On Thursday, April 28, 2005 12:18 PM -0400 James Baldwin <[EMAIL PROTECTED]> wrote: > On 28 Apr 2005, at 11:51, [EMAIL PROTECTED] wrote: > >> It would seem that relocating the costs of doing extra (filtering, etc) >> *should* be passed on to the people who necessitated the extra >> handling

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread John Dupuy
At 04:17 PM 4/28/2005, you wrote: > Hmmm... when you're driving on a public street there is certain safety > equipment you are required to have and use. You're paying more for your > vehicle because of seatbelts, airbags and all the other things that are > supposed to lessen the impact of an accide

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Owen DeLong
> On 28 Apr 2005, at 00:55, Owen DeLong wrote: > >> Who are you to decide that there is no damage to blocking residential >> customers? > > The customer makes the decision when they subscribe to a service whether > or not filtered service will meet their needs. Who are you to decide that > unfilt

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Owen DeLong
> > If they did their support costs would explode. It is block the customer, > educate the customer why they were blocked, exterminate the customer's PC, > unblock the customer. No doubt there'll be a repeat of the same in short > time. On a cost basis, it should be: + block the cus

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Owen DeLong
> When I sign up for an internet account, does the fine print say that I am > to accept all garbage pouring out of the RJ-45...? Why should it be the > recipients job to filter all incoming traffic? > No... You should, for an appropriate fee, be able to find an ISP that will filter whatever you re

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Owen DeLong
> Hmmm... when you're driving on a public street there is certain safety > equipment you are required to have and use. You're paying more for your > vehicle because of seatbelts, airbags and all the other things that are > supposed to lessen the impact of an accident. Even if you're an expert > dri

RE: Schneier: ISPs should bear security burden

2005-04-28 Thread Owen DeLong
Correct... Measuring reliability in terms of what's around that isn't success is not a valid method of measurement. One must measure the success rate. Does anyone really believe that they are more likely to encounter a timeout or connection drop today than 5, 10, 15, or even 20 years ago? I think

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Petri Helenius
Adi Linden wrote: It's not up to the ISP to determine outbound malicious traffic, but it's up to the ISP to respond in a timely manner to complaints. Many (most?) do not. If they did their support costs would explode. It is block the customer, educate the customer why they were blocked, extermin

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Andy Johnson
James Baldwin wrote: Again, this is a poor analogy. I am not penalizing customers who act responsibly. There is no direct correlation between users who are responsible and users who require unfiltered internet access. There are millions of subscribers who are responsible using filtered internet

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread James Baldwin
On 28 Apr 2005, at 11:51, [EMAIL PROTECTED] wrote: It would seem that relocating the costs of doing extra (filtering, etc) *should* be passed on to the people who necessitated the extra handling by running software that needs extra protection. As it stands, you're charging the people who (in gen

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Valdis . Kletnieks
On Thu, 28 Apr 2005 10:47:50 EDT, James Baldwin said: > in order to provide the best connectivity possible, measured by least > obstructions perceived by the user at the lowest price point, at the > highest margin possible we need to relocate the operating cost to the > appropriate party. Provid

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Iljitsch van Beijnum
On 28-apr-2005, at 16:21, Adi Linden wrote: So I do I obtain your permission to send you a packet? By replying to my request. So ask your ISP to NAT you. (Most people do this themselves but you seem to feel filtering out unwanted packets isn't something you want to do.) You won't receive any p

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread James Baldwin
On 27 Apr 2005, at 17:51, Pakojo Samm wrote: Give me a *clear* unobstructed line (that stays up) at the cheapest price please. Your attitude is very much the norm, however your requirements on connectivity are more stringent. All customers want unobstructed access and, we as an ISP, want to provi

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Valdis . Kletnieks
On Thu, 28 Apr 2005 09:01:26 CDT, Adi Linden said: > When my PC grabs an IP address, I'd expect to see zero traffic from the > world unless I make a request for content. Only then should I see traffic > and only the content I requested. Remember - the RST packet is there so you can tell the other

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Valdis . Kletnieks
On Thu, 28 Apr 2005 16:38:00 +0930, Mark Newton said: > Just wait'll we start getting unicode DNS names in non-English alphabets. > Perhaps then you can tell what to look for in a string of Kanji symbols > which might be suggestive of the concept of "static". We may not even have to wait that lon

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Valdis . Kletnieks
On Thu, 28 Apr 2005 16:10:54 +0200, Iljitsch van Beijnum said: > And where in the packet does it show that the packet comes from > someone who has said permission? Well, if you didn't have permission, you're probably up to no good and should be setting the appropriate bits as per RFC3514

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Steve Sobol
Mark Newton <[EMAIL PROTECTED]> wrote: > On Thu, Apr 28, 2005 at 02:16:36AM -0400, Steven J. Sobol wrote: > > > Any IP that a provider allows servers on should have > > distinctive, non-dynamic-looking DNS (and preferably be in a separate > > netblock from the dynamically-assigned IPs). >

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Adi Linden
> And what about garbage pouring out of RJ-11 sockets? Hmmm... so because we have garbage coming out of the RJ-11 we might as well have garbage coming out of the RJ-45, too? 4 wires vs. 8 wires, twice the garbage out of the RJ-45. > So I do I obtain your permission to send you a packet? By repl

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Adi Linden
> And how exactly does that translate to the online world? It doesn't. There is none or very little punishment for lawlessness and misbehaviour in the online world. > Despite the safety and environmental regulations and the fact that > you have to have a driver's license and insurance (at least

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Iljitsch van Beijnum
On 28-apr-2005, at 16:01, Adi Linden wrote: When I sign up for an internet account, does the fine print say that I am to accept all garbage pouring out of the RJ-45...? Why should it be the recipients job to filter all incoming traffic? Because by definition the recipient is the party who recei

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Adi Linden
> It's not up to the ISP to determine outbound malicious traffic, but it's up > to the ISP to respond in a timely manner to complaints. Many (most?) do not. If they did their support costs would explode. It is block the customer, educate the customer why they were blocked, exterminate the customers

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Iljitsch van Beijnum
On 28-apr-2005, at 15:53, Adi Linden wrote: Hey, if you've got customers willing to shell out for that, then more power to you. However, I'm not (and won't be) one of those customers. I'm willing to take responsibility for protecting my systems and choosing what traffic I do and don't want. I

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Adi Linden
> As somebody who picked a DSL provider specifically because it allows me to > run any kind of server I want, I'm not highly in favor of blocking > traffic from broadband users and killing the end-to-end principle that > makes the Internet work, When I sign up for an internet account, does the fi

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Adi Linden
> Hey, if you've got customers willing to shell out for that, then more > power to you. However, I'm not (and won't be) one of those customers. > I'm willing to take responsibility for protecting my systems and choosing > what traffic I do and don't want. I don't want someone else doing it > for

RE: Schneier: ISPs should bear security burden

2005-04-28 Thread Olsen, Jason
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Dan Hollis > To: Owen DeLong > Subject: Re: Schneier: ISPs should bear security burden > > You must not have used it much in those 20 years. I can > definitely say worms,

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Dan Hollis
On Thu, 28 Apr 2005, Iljitsch van Beijnum wrote: > The problem is that the maliciousness of packets or email is largely > in the eye of the beholder. How do you propose ISPs determine which > packets the receiver wants to receive, and which they don't want to > receive? (At Mpps rates, of co

Re: Schneier: ISPs should bear security burden

2005-04-28 Thread Iljitsch van Beijnum
On 27-apr-2005, at 20:08, Dan Hollis wrote: I can definitely say worms, trojans, spam, phishing, ddos, and other attacks is up several orders of magnitude in those 20 years. Malicious packets now account for a significant percentage of all ip traffic. Eventually I expect malicious packets will

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Mark Newton
On Thu, Apr 28, 2005 at 02:16:36AM -0400, Steven J. Sobol wrote: > Any IP that a provider allows servers on should have > distinctive, non-dynamic-looking DNS (and preferably be in a separate > netblock from the dynamically-assigned IPs). What the hell is a "non-dynamic-looking DNS"? Sure,

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Owen DeLong
Ah, but *you* wouldn't get blocked. You maintain your own rDNS and presumably have enough clue to not make the rDNS look like a pool of dynamic residential IPs that aren't terribly important. To wit: Um, that's not what I thought this discussion was about. I thought this discussion was about ISPs

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Steven J. Sobol
On Wed, 27 Apr 2005, Owen DeLong wrote: > > > > What's rDNS for the ip address(es) assigned to you? > > > I don't know about him, but, on my ADSL connection, it is controlled > by my nameservers: > > ;; ANSWER SECTION: > 10.159.192.in-addr.arpa. 86400 IN NS ns.rop.edu. > 10.159.192.in

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Owen DeLong
What's rDNS for the ip address(es) assigned to you? I don't know about him, but, on my ADSL connection, it is controlled by my nameservers: ;; ANSWER SECTION: 10.159.192.in-addr.arpa. 86400 IN NS ns.rop.edu. 10.159.192.in-addr.arpa. 86400 IN NS ns.delong.sj.ca.us. I'm not hig

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Steve Sobol
Bill Stewart wrote: You could solve 90% of the problems that you perceive are being caused by unrestricted cable modem users by using blocklists to ignore traffic from them. Which would be great if cable/DSL providers offered some insight into which of their netblocks should be blocked and which s

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Bill Stewart
On 4/27/05, Owen DeLong <[EMAIL PROTECTED]> wrote: > I was referring to the article which contained the schneier quote, not > schneier. The article was written by someone at least pretending to be > a journalist, and, was put out as news, not editorial or advertising. > > As such, it should be h

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Bill Stewart
Steve Sobol wrote: > And I'd argue that Owen's attitude is appropriate for transit and > business-class connections[0] - but if you're talking about a consumer ISP, > that's different. If the Big Four[1] US cable companies followed AOL's lead, > we'd see a huge drop in malware incidents and zombie

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Owen DeLong
--On Wednesday, April 27, 2005 5:09 PM -0400 James Baldwin <[EMAIL PROTECTED]> wrote: > On 27 Apr 2005, at 06:07, Owen DeLong wrote: > >> ISPs transport packets. That's what they do. That's what most >> consumers >> pay them to do. I haven't actually seen a lot of consumers asking for >> pr

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread James Baldwin
On 27 Apr 2005, at 06:07, Owen DeLong wrote: ISPs transport packets. That's what they do. That's what most consumers pay them to do. I haven't actually seen a lot of consumers asking for protected internet. I've seen lots of marketing hype pushing it, but, very little actual consumer demand.

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Fergie (Paul Ferguson)
That's a good question. - ferg -- Petri Helenius <[EMAIL PROTECTED]> wrote: >What I'm saying is that too many providers do nothing, >regardless of whether it is a managed (read: paid) service, >or not. > So why don't the market economy work and solve the problem? Because there is no "tax" on

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Petri Helenius
Fergie (Paul Ferguson) wrote: Of course there are. What I'm saying is that too many providers do nothing, regardless of whether it is a managed (read: paid) service, or not. So why don't the market economy work and solve the problem? Because there is no "tax" on pollution? Pete - ferg -- Petri

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Petri Helenius
Daniel Roesen wrote: I hope to find the time to do some capturing and analysis of this traffic. If anyone here has experience with that I'd be happy to hear from them... don't want to waste time doing something others already did... :-) Sure, what would you like to know? Pete

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Owen DeLong
> The only thing I've seen in the past 20 years which has made any positive > impact on overall internet reliability is BGP dampening. In all other > cases it's gotten worse as networks are ground to dust by daily DDOS > attacks. You can read daily about sites xyz or networks xyz being > unreacha

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Dan Hollis
On Wed, 27 Apr 2005, Owen DeLong wrote: > From that perspective, in my experience, things are better today than they > ever have been. The only thing I've seen in the past 20 years which has made any positive impact on overall internet reliability is BGP dampening. In all other cases it's gotten

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Fergie (Paul Ferguson)
Is VoIP? Of course not. But, it does bring the discussion full circle - ferg -- "Steven M. Bellovin" <[EMAIL PROTECTED]> wrote: Is, for example, p2p "abuse"? After all, it uses up bandwidth. -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED]

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread W. Mark Herrick, Jr.
At Wed Apr 27 15:04:46 2005, Steve Sobol wrote: [1] Soon to be Big Three, but currently Comcast, Time Warner, Charter, and Adelphia. --- Adelphia is #5, you forgot Cox (#3). -MH W. Mark Herrick, Jr. Director - Data and Network Security - Adelphia Communications 5619 DTC Parkway, Greenwood Village

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Owen DeLong
--On Wednesday, April 27, 2005 11:08 AM -0700 Dan Hollis <[EMAIL PROTECTED]> wrote: > On Wed, 27 Apr 2005, Owen DeLong wrote: >> Strangely, for all the FUD in the above paragraph, I'm just not buying >> it. The internet, as near as I can tell, is functioning today at least >> as well as it ever

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Douglas Otis
On Wed, 2005-04-27 at 13:39 -0400, Steven M. Bellovin wrote: > At a recent forum at Fordham Law School, Susan Crawford -- an attorney, > not a network operator -- expressed it very well: "if we make ISPs into > police, we're all in the ghetto". > > Bruce is a smart guy, and a good friend of min

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Steve Sobol" writes: > > >And I'd argue that Owen's attitude is appropriate for transit and >business-class connections[0] - but if you're talking about a consumer ISP, >that's different. If the Big Four[1] US cable companies followed AOL's lead, >we'd see a huge

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Owen DeLong
> We know that almost all users are too stupid to know what they really > need or how to get it, and that they need to be protected from their own > stupidity -- as well as protecting the rest of the world from their > stupidity. Not only do I not know this, I find it to be patently false.

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Owen DeLong
I have no problem with disconnecting known abusers. However, there's lots of other actions implied in the "ISP responsibility" described that are things like filtering port 25, blocking NetBIOS, etc. Some ISPs do this. I'm all for having an AUP and/or TOS that allows you to disconnect abusers. W

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Fergie (Paul Ferguson)
Thank you, Steve, for a very articulate & rational post. :-) - ferg -- "Steve Sobol" <[EMAIL PROTECTED]> wrote: [snip] Anyone who thinks AOL is doing this out of the goodness of their hearts, please speak up now... [FX: sound of crickets chirping] Yup. That's what I thought. Not having to

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Fergie (Paul Ferguson)
Of course there are. What I'm saying is that too many providers do nothing, regardless of whether it is a managed (read: paid) service, or not. - ferg -- Petri Helenius <[EMAIL PROTECTED]> wrote: >We owe to our customers, and we owe it to ourselves, so let's >just stop finding excuses to side

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Daniel Senie
At 01:39 PM 4/27/2005, you wrote: In message <[EMAIL PROTECTED]>, "Fergie (Paul Ferguson)" writes: > > >I've been there -- I know how I feel about it -- but I'd love >to know how ISP operations folk feel about this. > >Links here: >http://www.vnunet.com/news/1162720 > At a recent forum at Fordha

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread william(at)elan.net
On Wed, 27 Apr 2005, Petri Helenius wrote: We owe to our customers, and we owe it to ourselves, so let's just stop finding excuses to side-step the issue. So are you saying that managed security services are not available for paying consumers in USA? I think the debate is if default should be mana

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Steve Sobol
Owen DeLong <[EMAIL PROTECTED]> wrote: > Why do ISPs owe this to their customers. They don't. (I would argue that they owe it to the rest of the Internet, but that argument is tangential to this discussion.) However, I'd like to add an additional data point: Those of us in .us have undoubtedl

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Petri Helenius
Fergie (Paul Ferguson) wrote: We owe to our customers, and we owe it to ourselves, so let's just stop finding excuses to side-step the issue. So are you saying that managed security services are not available for paying consumers in USA? Pete

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Daniel Roesen
On Wed, Apr 27, 2005 at 11:08:42AM -0700, Dan Hollis wrote: > Malicious packets now account for a significant percentage of all ip > traffic. As a data point: An unused, never before used or even just announced /21 currently draws an average of 112pps and 70kbit/s, translating to about 1GB (1 Gi

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Dan Hollis
On Wed, 27 Apr 2005, Owen DeLong wrote: > Strangely, for all the FUD in the above paragraph, I'm just not buying it. > The internet, as near as I can tell, is functioning today at least as well > as it ever has in my 20+ years of experience working with it. You must not have used it much in those

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Fergie (Paul Ferguson)" writes: > > >I've been there -- I know how I feel about it -- but I'd love >to know how ISP operations folk feel about this. > >Links here: >http://www.vnunet.com/news/1162720 > At a recent forum at Fordham Law School, Susan Crawford -- an

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Sam Hayes Merritt, III
And Big Pond is my hero. :-) http://www.zdnet.com.au/news/communications/0,261791,39188135,00.htm I'm not sure I'd break my arm trying to pat them on the back yet. They have a ways to go in SMTP filtering their users so that when they are infected with trojans, they aren't abused to send spa

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Greg Boehnlein
On Wed, 27 Apr 2005, Brad Knowles wrote: > At 8:13 AM -0400 2005-04-27, Greg Boehnlein wrote: > > > As for security, intelligent ISPs will be monitoring their network and > > will have sensors in place to alert them to abnormal traffic (NetFlow, > > Snort, SNMP Traps, Log watchers) patterns a

Re: Schneier: ISPs should bear security burden

2005-04-27 Thread Fergie (Paul Ferguson)
Finally -- an analogy I can relate to. ;-) As an aside, perhaps if we worked on making the Internet "safer", as opposed to strictly "safe", we might make some progress. You know -- baby steps. And Big Pond is my hero. :-) http://www.zdnet.com.au/news/communications/0,261791,39188135,00.htm
