[80275] in North American Network Operators' Group
Re: Schneier: ISPs should bear security burden
daemon@ATHENA.MIT.EDU (Steve Sobol)
Wed Apr 27 21:51:23 2005
Date: Wed, 27 Apr 2005 18:48:19 -0700
From: Steve Sobol <sjsobol@JustThe.net>
To: Bill Stewart <nonobvious@gmail.com>
Cc: North American Networking and Offtopic Gripes List <nanog@nanog.org>
In-Reply-To: <18a5e7cb0504271708659af817@mail.gmail.com>
Errors-To: owner-nanog@merit.edu
Bill Stewart wrote:
> You could solve 90% of the problems that you perceive are being caused
> by unrestricted
> cable modem users by using blocklists to ignore traffic from them.
Which would be great if cable/DSL providers offered some insight into which of
their netblocks should be blocked and which shouldn't, but that generally isn't
the case, so by blocking a certain ip or /24 or whatever, I don't know if I'm
blocking customers whose TOS allows them to run servers, or even perhaps
blocking Internet-facing servers run by the provider.
(Aside from other valid issues mentioned in a reply that apparently hasn't hit
nanog yet)
> As somebody who picked a DSL provider specifically because it allows me to
> run any kind of server I want
What's rDNS for the ip address(es) assigned to you?
> I'm not highly in favor of blocking
> traffic from broadband users
> and killing the end-to-end principle that makes the Internet work,
I'm not in favor of mindless blocking of entire netblocks that may contain
stuff that should not be blocked, but broadband providers are notorious for
(e.g.) lumping residential customers that can be blocked, with no collateral
damage, in the same netblocks as business customers who need to run Internet
facing servers, and (e.g.) not providing an easy way to differentiate between
the two classes of customer in the first place.
--
JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638)
Steven J. Sobol, Geek In Charge / sjsobol@JustThe.net / PGP: 0xE3AE35ED
"The wisdom of a fool won't set you free"
--New Order, "Bizarre Love Triangle"
