Re: If you have nothing to hide

2002-08-04 Thread Paul Vixie


[EMAIL PROTECTED] (Sean Donelan) writes:

> > ISPs to step up
> > Internet service providers also have to be more security conscious,
> > Clarke said. By selling broadband connectivity to home users without
> > making security a priority, telecommunications companies, cable
> > providers and ISPs have not only opened the nation's homes to attack,
> > but also created a host of computers with fast connections that have
> > hardly any security.
>
> Public network operators are very security conscious, about the
> public network operators' network.  Should public network operators do
> things, common in private corporate networks, such as block access to
> Hotmail, Instant Messenger, Peer-to-peer file sharing, and other
> potentially risky activities?  Should it be official government policy
> for public network operators to prohibit customers from running their own
> servers by blocking access with firewalls?

Don't dismiss this concern.  We know why multipath (core) RPF is hard and
why most BGP speakers don't do it yet.  But unipath (edge) RPF has been easy
for five years and possible for ten, and yet it is in use almost nowhere.

The blame for that lies squarely, 100%, no excuses, with the edge ISPs.
Whether Microsoft or the rest of the people CERT has named over the years
with various buffer overflows are also to blame for making hosts vulnerable
is debatable.  But whether edge ISPs are grossly negligent for not doing
edge RPF since at least 1996 is not debatable.  Cut Mr. Clarke *that* slack,
even if you must (righteously, I might add) blast him on other issues.
-- 
Paul Vixie
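
The unipath versus multipath distinction drawn in the message above, as an added illustration that is not part of the original thread: a strict reverse-path check drops forged sources at a single-homed edge port, but also drops legitimate traffic that arrives off the best path on a multihomed link. The routing tables, interface names and addresses are constructed for the example.

```python
import ipaddress

# Constructed routing state for a hypothetical router (all names are made up).
# BEST holds the single best path per prefix (unipath); FEASIBLE holds every
# interface that has offered a route to the prefix (multipath view).
BEST = {
    "198.51.100.0/24": "cust0",
    "203.0.113.0/24": "peerA",
    "0.0.0.0/0": "upstream0",
}
FEASIBLE = {
    "198.51.100.0/24": {"cust0"},
    "203.0.113.0/24": {"peerA", "peerB"},
    "0.0.0.0/0": {"upstream0"},
}

def longest_match(src, table):
    """Return the table value for the most specific prefix covering src."""
    addr = ipaddress.ip_address(src)
    nets = [ipaddress.ip_network(p) for p in table]
    covering = [n for n in nets if addr in n]
    if not covering:
        return None
    return table[str(max(covering, key=lambda n: n.prefixlen))]

def strict_rpf(src, in_iface):
    """Unipath check: accept only if in_iface is the best path back to src."""
    return longest_match(src, BEST) == in_iface

def feasible_rpf(src, in_iface):
    """Multipath check: accept if in_iface is any known path back to src."""
    return in_iface in (longest_match(src, FEASIBLE) or set())

def demo():
    cases = [
        ("198.51.100.25", "cust0"),  # customer using its own address
        ("192.0.2.77", "cust0"),     # customer forging a source address
        ("203.0.113.9", "peerB"),    # legitimate, but arrives off the best path
    ]
    return [(s, i, strict_rpf(s, i), feasible_rpf(s, i)) for s, i in cases]

if __name__ == "__main__":
    for src, iface, strict, feasible in demo():
        print(f"{src:15} on {iface:6} strict={strict} feasible={feasible}")
```
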



Re: If you have nothing to hide

2002-08-04 Thread Sean Donelan


I encourage network operators (or IX operators, DNS operators, etc) to let
the government know what you think.  Mr. Clarke's crew is writing the
plan, and taking input from many sources.  If you think RPF (or some other
source address validation) is a solution let them know.  If you think
S-BGP is a solution, let them know.  If you think network operator managed
firewalls on every DSL/Cable modem is a solution, let them know. On the
other hand, if you think some of those things are not a solution (or a
really bad idea), tell them that.

I have my opinion, and I've told the government what I think.  But I'm
certainly not smart enough to get everything right (or even most things
right).  It's not a matter of cutting Mr. Clarke some slack, but getting
good information from (many?) network operators.

On 4 Aug 2002, Paul Vixie wrote:
> Don't dismiss this concern.  We know why multipath (core) RPF is hard and
> why most BGP speakers don't do it yet.  But unipath (edge) RPF has been easy
> for five years and possible for ten, and yet it is in use almost nowhere.
>
> The blame for that lies squarely, 100%, no excuses, with the edge ISPs.
> Whether Microsoft or the rest of the people CERT has named over the years
> with various buffer overflows are also to blame for making hosts vulnerable
> is debatable.  But whether edge ISPs are grossly negligent for not doing
> edge RPF since at least 1996 is not debatable.  Cut Mr. Clarke *that* slack,
> even if you must (righteously, I might add) blast him on other issues.




NSPs filter?

2002-08-04 Thread Abdullah Bin Hamad - Arabian



Good day,

What NSPs do filter packets, and can really deal with DoS and DDoS attacks?

UUNet?


Best Regards,

-Abdullah Bin Hamad A.K.A Arabian
http://www.ArabChat.Org
[EMAIL PROTECTED]





Re: NSPs filter?

2002-08-04 Thread bmanning


> Good day,
>
> What NSPs do filter packets, and can really deal with DoS and DDoS attacks?
>
> -Abdullah Bin Hamad A.K.A Arabian

The shorter list would be the NSPs that do NOT filter
packets.  I can't think of an NSP that does not filter.

--bill



Re: NSPs filter?

2002-08-04 Thread Christopher L. Morrow



On Sun, 4 Aug 2002, Abdullah Bin Hamad - Arabian wrote:



> Good day,
>
> What NSPs do filter packets, and can really deal with DoS and DDoS attacks?
>
> UUNet?

Yes, only during attacks at customer request.



> Best Regards,
>
> -Abdullah Bin Hamad A.K.A Arabian
> http://www.ArabChat.Org
> [EMAIL PROTECTED]






Re: If you have nothing to hide

2002-08-04 Thread Dave Crocker


At 06:31 AM 8/4/2002 -0400, Sean Donelan wrote:
> I encourage network operators (or IX operators, DNS operators, etc) to let
> the government know what you think.  Mr. Clarke's crew is writing the
> plan, and taking input from many sources.  If you think RPF (or some other
> source address validation) is a solution let them know.  If you think
> S-BGP is a solution, let them know.  If you think network operator managed
> firewalls on every DSL/Cable modem is a solution, let them know. On the
> other hand, if you think some of those things are not a solution (or a
> really bad idea), tell them that.

These are technical operations matters.  Seems like there might be some 
benefit in formulating consensus views within the technical operations 
community.

Any chance that an IETF BCP would be possible and helpful?

Diverse input to a government process can be good for learning about 
choices, but consensus views should be helpful for making them.

d


--
Dave Crocker mailto:[EMAIL PROTECTED]
TribalWise, Inc. http://www.tribalwise.com
tel +1.408.246.8253; fax +1.408.850.1850