[126912] in North American Network Operators' Group


Re: Nato warns of strike against cyber attackers

daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Jun 8 22:36:11 2010

From: Owen DeLong <owen@delong.com>
To: "J. Oquendo" <sil@infiltrated.net>
In-Reply-To: <4C0EA7A8.1050100@infiltrated.net>
Date: Tue, 8 Jun 2010 21:31:43 -0500
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



Sent from my iPad

On Jun 8, 2010, at 3:27 PM, "J. Oquendo" <sil@infiltrated.net> wrote:

> Jorge Amodio wrote:
>>> None of this needs to be done for free.  There needs to be a "security
>>> fee" charged _all_ customers, which would fund the abuse desk.
>>>
>>
>>
>>> With more than 100,000,000 compromised computers out there, it's really
>>> time for us to step up to the plate, and make this happen.
>>>
>>
>> Or you should send the bill to the company that created the software
>> that facilitated to get so many computers compromised, some folks in
>> Redmond have a large chunk of money on the bank.
>>
>> My .02
>>
>>
>>
> Seems like it's come full circle again
> (http://irbs.net/internet/nanog/0412/0109.html) and I can always recall
> Rob Thomas' take on this (http://irbs.net/internet/nanog/0412/0222.html)
> "Filtering out bogons removes yet one more potential source of badness.
> Does it remove all badness? Of course not. We win by degrees. Removing
> any tool from the bad persons' toolkit is useful." Not forgetting Mark
> Andrews "Any operator not implementing BCP 38 is potentially aiding and
> abetting some criminal. BCP 38 is over 10 years old. There is no excuse
> for not having equipment in place to handle the processing needs of BCP 38."
>
> ISP's could actually offset the charges to customers with helpdesks to
> recoup some equipment costs while maintaining a clean network. As for
> the "blame the software" comment, irrelevant. If bad hosts were
> minimized, there would likely be less compromises irrespective of the
> vendor of the software. Statistically I would think the number of
> compromises would go down but at the same time I believe the criminals
> would get smarter. That's just the nature of the beast.
>
It's not irrelevant. If it were, Apache would be more frequently exploited than IIS. It isn't.

Owen
> --
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT
>
> "It takes 20 years to build a reputation and five minutes to
> ruin it. If you think about that, you'll do things
> differently." - Warren Buffett
>
> 227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
>

