Hey Zach
> > This is still a long way off and would need to be adopted by companies
like
> > Cisco etc. Somehow I don't see that happening anytime soon.
>
> Would Cisco, Bay Networks etc. adopt it when it has matured and
> is ready for market?
>
> > While I'm at it, here's my bit on the XP side of things. IP address
spoofing
> > will never become a big problem as ISP's can implement egress filtering.
> > This would mean that you'd always at least know the ISP of the spoofer.
The
> > biggest problem will still remain the same - getting ISP's to cooperate
with
> > people under attack.
>
> Why are ISPs so uncooperative?
> Isn't it in *their* best interest as well to limit needless
> bandwidth on their networks?
Probably because they're there to make a profit. To have the man power to
co-operate with people who are being abused by their users means another
salary to pay. This means that they have to pass the cost on to their end
users. If you are an innocent web user why should you pay for your ISP to be
able to catch people who are abusing the system. The only way to force it
(other than legal obligation, which is always tricky on the net anyway), is
for wide spread access cuts to those who harbor attackers. The sort of thing
that can happen to mail networks that support open relays & spammers etc.
Before you cut access though, you'd need to be sure that it wasn't spoofed,
pretty difficult at the moment.
It might be possible for ISPs to charge more and say that they help to
ensure that your machine hasn't been compromised, then they can justify
having the resources to track abusive behaviour. It comes down to a matter
of money.
Cheers,
Alex
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
