[71359] in North American Network Operators' Group
Re: "Default" Internet Service (was: Re: Points on your Internet
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sun Jun 13 12:20:34 2004
Date: Sun, 13 Jun 2004 09:15:16 -0700
From: Owen DeLong <owen@delong.com>
To: John Curran <jcurran@istaff.org>, nanog@merit.edu
In-Reply-To: <p06020400bcf1614db588@[192.168.1.101]>
Errors-To: owner-nanog-outgoing@merit.edu
--==========12D5A03F4D3390CA20D4==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
I fully expect my ISP to turn me off if my site starts spewing abuse.=20
However,
until that happens, I expect my ISP to deliver any valid IP datagram=20
destined
for me, and, I expect to them to deliver any valid IP datagram I send out,
at least to the next AS in the path to the destination.
If they turn me off for spewing abuse, I expect them to immediately contact
me and provide as much information as they have about the nature of the
problem. I think expect that it is my responsibility to identify and=20
correct
the problem, notify my ISP, and wait a reasonable amount of time (possibly
as much as 24-48 hours) for them to turn me back on.
So far, this hasn't been a problem.
Owen
--On Saturday, June 12, 2004 9:54 PM -0400 John Curran <jcurran@istaff.org> =
wrote:
>
> The real challenge here is that the "default" Internet service is
> wide-open Internet Protocol, w/o any safeties or controls. This
> made a lot of sense when the Internet was a few hundred sites,
> but is showing real scaling problems today (spam, major viruses,
> etc.)
>
> One could imagine changing the paradigm (never easy) so that
> the normal Internet service was proxied for common applications
> and NAT'ed for everything else... This wouldn't eliminate all the
> problems, but would dramatically cut down the incident rate.
>
> If a site wants wide-open access, just give it to them. If that turns
> out to cause operational problems (due to open mail proxies, spam
> origination, etc), then put 'em back behind the relays.
>
> /John
--=20
If it wasn't crypto-signed, it probably didn't come from me.
--==========12D5A03F4D3390CA20D4==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)
iD8DBQFAzH2Un5zKWQ/iqj0RAjD/AJ4+DhOSKFaXLLahP/2GLCsRj9+WJQCfXM+k
9aZJnTxZZDbzPbTNSBcjN7g=
=gRSE
-----END PGP SIGNATURE-----
--==========12D5A03F4D3390CA20D4==========--
