[71328] in North American Network Operators' Group
"Default" Internet Service (was: Re: Points on your Internet
daemon@ATHENA.MIT.EDU (John Curran)
Sat Jun 12 21:55:05 2004
In-Reply-To: <Pine.GSO.4.58.0406122101350.4280@clifden.donelan.com>
Date: Sat, 12 Jun 2004 21:54:27 -0400
To: nanog@merit.edu
From: John Curran <jcurran@istaff.org>
Errors-To: owner-nanog-outgoing@merit.edu
The real challenge here is that the "default" Internet service is
wide-open Internet Protocol, w/o any safeties or controls. This
made a lot of sense when the Internet was a few hundred sites,
but is showing real scaling problems today (spam, major viruses,
etc.)
One could imagine changing the paradigm (never easy) so that
the normal Internet service was proxied for common applications
and NAT'ed for everything else... This wouldn't eliminate all the
problems, but would dramatically cut down the incident rate.
If a site wants wide-open access, just give it to them. If that turns
out to cause operational problems (due to open mail proxies, spam
origination, etc), then put 'em back behind the relays.
/John
