[60498] in North American Network Operators' Group
Re: Port blocking last resort in fight against virus
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Wed Aug 13 12:12:32 2003
Date: Wed, 13 Aug 2003 16:08:56 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: Jack Bates <jbates@brightok.net>
Cc: Mans Nilsson <mansaxel@sunet.se>,
"Stephen J. Wilcox" <steve@telecomplete.co.uk>,
Petri Helenius <pete@he.iki.fi>, nanog@merit.edu
In-Reply-To: <3F3A6051.2070200@brightok.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 13 Aug 2003, Jack Bates wrote:
> Christopher L. Morrow wrote:
>
> > This is the point, atleast I, have been trying to make for 2 years... end
> > systems, or as close to that as possible, need to police themselves, the
> > granularity and filtering capabilities (content filtering even) are
> > available at that level alone.
>
> I agree with you Chris, but I also believe that temp filters do have a
> role, even at backbones. One of my peers appears to be helping out my
the problem is, at the backbone level, its a very large hammer... and
often the peg is round while the hole is square :(
>
> Honestly, it would be nice to offer different classes of service,
> allowing user's that are semi-protected and user's that are free and
> clear. The issue with doing so is dealing with the liability of
this is called 'managed firewall service' and some ISP's do a good
business with it, some even advertise their service and market it too! :)
There are some sticky points with managed firewall services that still
need ironing out (on a per-provider basis atleast) but its a great start,
and the filtering is done at the 'right' place, near the end node...
