----- Original Message ----- From: "Eugene Leitl" <[EMAIL PROTECTED]> To: "Hack Hawk" <[EMAIL PROTECTED]> Cc: "Hadmut Danisch" <[EMAIL PROTECTED]>; "Digital Bearer Settlement List" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, 06 January, 2002 7:41 PM
> On Fri, 4 Jan 2002, Hack Hawk wrote: > > > It surprises me that providers like Earthlink & GTE (I have one DSL on > > each) aren't taking measures to filter out virus traffic from infected > > systems. It seems a simple enough task to me. > > A *very* bad idea. First, the traffic doesn't bother me, personally. In > fact, it creates a need to use more diverse, and more secure systems. > > Secondly, building realtime pattern recognition and traffic blocking > capability is something certainly to be abused in future. Not only in future. Here is one example of questionable traffic filtering initiative that is already being taken: listening to zealots like Steve Gibson( http://grc.com/dos/winxp.htm#egress ) some providers have started to block IP packets with unexpected source IP addresses, in the assumption that they might be spoofed for evil purposes. Apart from creating difficulties to dual-homed systems (unless policy-based routing is used to send reply packets to the appropriate feed, avoiding asymmetric routing), this also blocks the operations of privacy enhancement services such as the late "Triangle boy" (now discontinued by Safeweb, but that's another story). Enzo [Moderator's note: I must strongly disagree. Egress filtering throughout the internet is of critical importance in stopping many classes of attacks, and generally hurts no one legitimate. If you are multi-homed in the sense of having multiple IP blocks, send out the packets via the same path they came in -- setting that up is straightforward. (I in fact do that, so any claims that it isn't straightforward are unlikely to be believed, at least by me.) --Perry] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
