[64856] in North American Network Operators' Group
Re: ISPs' willingness to take action
daemon@ATHENA.MIT.EDU (Scott Francis)
Mon Nov 3 18:17:21 2003
Date: Mon, 3 Nov 2003 15:05:03 -0800
From: Scott Francis <darkuncle@darkuncle.net>
To: kenw@kmsi.net
Cc: nanog@nanog.org
Mail-Followup-To: kenw@kmsi.net, nanog@nanog.org
In-Reply-To: <shropv8ifqok1uflk8d2s2idqcm6j1d17l@4ax.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, Oct 26, 2003 at 06:01:09PM -0700, kenw@kmsi.net said:
>
> I'm a little puzzled, and I hope people won't object to my asking about
> this.
>
> As I see it, we're experiencing an ever-increasing flood of garbage network
> traffic. While not all of it is easy or appropriate to target, it seems to
> me there's some "low hanging fruit" that could generate serious gains with
> relatively little investment.
>
> A few things that make sense to me (as a non-ISP network consultant)
> include:
[snip]
Some good thoughts in this thread. I think Sean is right about this being an
end-user problem, and although we _can_ mitigate that problem somewhat at
other parts of the network, that amounts to treating the symptoms rather than
the disease.
The 3 things that would do the most to help eliminate this problem (millions
of easily 0wned end-user hosts) right now are all things that lie in
Microsoft's domain:
1) enable Internet Connection Firewall by default;
2) enable automatic Windows Update patch installation by default; [*]
3) modify the HTML engine in Outlook/OE such that it can ONLY render HTML,
and any active content is ignored - in other words, replace MSIE as a backend
HTML rendering engine with, say, lynx. [**]
(and even if the above were all incorporated into all subsequent releases of
Windows, it might take years before the old insecure hosts were finally
replaced ...)
Nothing new to this crowd, I'm sure, but I sure wish there was a way to make
this a priority to the folks at MS, who are really the only people with the
ability to make this happen. Without their compliance, the problem will never
improve (not as long as they're as dominant as they currently are).
-- 
Scott Francis || darkuncle (at) darkuncle (dot) net
illum oportet crescere me autem minui
[*] I'm well aware of the potential disaster were the WindowsUpdate site to
be trojaned. However, corporate IT should be updating from a single server by
the schedule of their windows admins, and for everybody else ... it couldn't
be much worse than the current state of affairs.
[**] I've given up on hoping that email will return to the plain old text it
was intended to be. I'm in the minority on that opinion, and I'm willing to
settle for HTML in email if it can be rendered in a non-harmful manner (i.e.
plain vanilla HTML only).