------ Forwarded Message From: matthew patton <[EMAIL PROTECTED]> Date: Tue, 22 Mar 2005 13:58:04 -0800 (PST)
at what point do we get to the "the internet is for only those who play nice" rule? Does ICANN revoke IP space and deregister DNS zones and bcast BGP route changes to take companies who harbor malicious and yes even stupid users off the air? One can try legislation or deliberate blackholing (nee Verizon) but no matter what the size of ISP we somehow have to come up with an economic incentive for them to drop the hammer on their users who are acting irresponsibly. Maybe internet service triples in price in order to pay to police their own network. Is that such a bad thing? Oh sure, the "universal internet access" weenies will throw a fit but the Internet is a decidely "nice to have", not like clean water, electricity, and food. Maybe every last source and destination of SMTP has to register and be specifically permitted in the ISP's firewall rules. Even big companies with a dozen Internet access points only have a handful of machines that send/receive SMTP. An arbitrary machine that starts sending spam wouldn't get past the filters, but should a registered server start doing so (eg. the admin is a twit and runs an open relay) the machine can be taken off the ACL list and the problem is stemmed. Fundamentally it will take a priority change in ISP business to one of policing it's users for the common good - something they are probably VERY loath to do since so far they've skated free of the requirement as pure packet providers to have any legal obligation to do anything about what their users do with the bandwidth. The spam/UCE issue is a classic case of the tragedy of the commons and until the economic and legal liability problem can be adequately addressed, nothing will change. Could some ISP's decide to nuke trojan and worm ports? Sure and more power to them. Does that mean say that some moron running SQLserver on the raw Internet will lose his connectivity? Yup and it's about damn time. Ditto microsoft filesharing protocols (135, 137, 138, 139). Will Bittorrent go off the air? Some ISP's might decide to shut it down but that's no great loss either as handy as the program is for ligitimate uses. If you want it bad enough, is it unreasonable to pony up the $5/mo fee to get your IP's added to the ACL? Of course, not every country will enact rules let alone common rules of "acceptable netizen behavior". I don't see a big problem with ISP's blackholing other ISP's or portions of IP space because the traffic coming in is problematic. Sure the local customers get ticked off. I know Verizon took a PR hit with the UK blocking but aside from the grossly broad dragnet, shouldn't we do this on a routine basis? Verizon can make a credible case that protecting it's network and those of it's customers is in their best interests. If and ISP who runs a loosey-goosey network continues to have it's traffic denied, it will lose customers until it cleans up it's act. Or is it the case that there will always be enough ISP's out there who aren't interested in security or good behavior that little impact will be made on the global problem? I think the easiest solution is to simply require the registration of all SMTP speakers. Those that are hosted by ISP's who don't care to do that or who send UCE can be blocked at the edge. At least the responsible ISP's will have stopped their customers from adding to the problem. ------ End of Forwarded Message You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
