[187051] in North American Network Operators' Group


Re: de-peering for security sake

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Sat Jan 16 10:15:15 2016

X-Original-To: nanog@nanog.org
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <20160116145340.GA7803@gsp.org>
Date: Sat, 16 Jan 2016 10:15:06 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Jan 16, 2016, at 9:53 AM, Rich Kulawiec <rsk@gsp.org> wrote:
> On Sat, Jan 16, 2016 at 05:43:56AM -0800, Ca By wrote:

>> I see a great deal of folks on nanog clamoring to buy ddos gear. Packets
>> are starting to become like spam email, where 90% are pure rubbish, and
>> us good guys have to spend a lot of money and time sorting signal from
>> noise.
>
> I've said this many times: abuse does not magically fall out of the sky.
> It comes from hosts, on networks, run by people.  It is time -- well
> past time -- to hold those people *personally* accountable.
>
> Not doing so leaves us where we are today: millions -- heck, hundreds
> of millions -- of dollars are being spent on defenses THAT WOULD NOT
> BE NECESSARY if those people performed their jobs at a mere baseline
> level of competence and diligence.

Shared fate systems suck in some ways. But I disagree that “a mere baseline level of competence and diligence” is even close to what is required.

Making the owner of the host responsible for an attack -personally- responsible would require every grandma & 6 year old to have insurance before buying a laptop or Xbox. And would bankrupt your favorite startup no matter how smart & competent the first time a zero-day caught them by surprise.

Of course, forcing Uncle Bob to call his insurance carrier before buying a smartphone, and having Sand Hill Road take even greater risks when investing, and giving lawyers yet another vector for frivolous lawsuits, wouldn’t have the slightest effect on the global economy.

On the other hand, that 100s of millions of dollars is a rounding error in the wealth & public good created by that same shared fate system.

Overall, I think we’re doing well.


Before anyone pounces on me, I hate spam, dos, etc. as much as anyone else. (You know how much personal, unpaid time I’ve put into fighting both, Rich.) If we can find the originators of these things, we should hang them by their thumbs and beat them senseless. We should do everything we can to make ISPs implement BCP38, get software vendors to QA better, and educate users to be less, well, idiotic.

But I am also pragmatic. Life sucks, it is not fair. But the idea of making either grandma or the network engineer at an ISP or even the CEO of a hosting company personally responsible for things like zero-days or minor errors which can be exploited to the tune of greater than their personal wealth or even their corporate market cap is a recipe for bringing everything to a screeching halt.

I kinda like the ride we’re on, bumps and all. Let’s not bring it to a screeching halt.

-- 
TTFN,
patrick
