[61759] in North American Network Operators' Group
Re: What do you want your ISP to block today?
daemon@ATHENA.MIT.EDU (Jack Bates)
Thu Sep 4 11:16:34 2003
Date: Thu, 04 Sep 2003 10:15:23 -0500
From: Jack Bates <jbates@brightok.net>
To: Gerardo Gregory <ggregory@affinitas.net>
Cc: jullrich@euclidian.com, Owen DeLong <owen@delong.com>,
Vinny Abello <vinny@tellurian.com>, Sean Donelan <sean@donelan.com>,
nanog@merit.edu
In-Reply-To: <courier.3F565CF7.000073B8@affinitas.net>
Errors-To: owner-nanog-outgoing@merit.edu
Gerardo Gregory wrote:
> these ports. The "internet" in itself is nothing more than a
> communications link, and the ISP's are providers to this link. The
> purpose of which is the exchange of information over a "public" medium.
> You want an ISP to begin filtering at the 4th layer (OSI
> Reference...yikes), why???? Besides alleviating the headaches of some
Hmmm. Perhaps I should shut down my abuse desk and just be a
communications link. After all, the user's computer wants to transmit
viruses or spam, so why should I stop it?
If people run layer 7 filtering to stop abuse, what makes you think they
won't run layer 4 to meet the same goals? A lot of networks already run
layer 3 filtering for misbehaving networks and bogon filters. Spam
filtering takes place at anywhere from 3-7, depending on the network.
One can't have it both ways. You either do no filtering and watch the
system completely crash as you can't afford the overhead of the
malicious content which is on the rise, or you apply filters to protect
your network and *the* network overall. Not filtering consumer networks
will cause issues at the backbone networks, forcing upgrades and driving
prices back up.
If we don't protect *our* network, then some governments will start
mandating how they'll protect it. I for one do not wish to give up
control of what I've designed, built, and improved to people who usually
don't know what telnet is, much less ssh.
-Jack
