[27356] in North American Network Operators' Group
Re: What would you tell the White House?
daemon@ATHENA.MIT.EDU (Ron Buchalski)
Sun Feb 13 22:51:00 2000
Message-ID: <20000214034703.55191.qmail@hotmail.com>
From: "Ron Buchalski" <rbuchals@hotmail.com>
To: sean@donelan.com, nanog@merit.edu
Date: Sun, 13 Feb 2000 19:47:03 PST
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu
Sean,
A few ideas...
The ISPs who are providing services to their customers have a responsibility
to implement the measures necessary to prevent or reduce the impact of
malicious attacks such as those which have occurred over the past week. In
addition, it's the customer's responsibility to make sure that they have the
necessary measures to protect their networks and hosts, and that they've
verified that their ISPs are protecting them.
I don't think that the federal government needs to pass a law defining how
one should protect his networks, or how an ISP should implement network
protection measures. If the Internet industry developed a set of
rules/guidelines (Barry Greene's document, as well as pertinent RFCs such as
2267, are a good starting place), the customers can shop around to find a
provider who will protect his network. After all, this isn't a regulated
monopoly, like an RBOC.
The ISPs need to put a system in place where they can work together to
quickly trace and isolate the source of any attack. Perhaps the vendors
need to develop some mechanisms to facilitate this. If we had the ability
to quickly conduct a cooperative trace of of an attack, and it would result
in the apprehension and eventual prosecution of the attackers, it would
serve as a good deterrent to future attacks.
My $0.02,
-rb
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
