[80345] in North American Network Operators' Group
Re: Schneier: ISPs should bear security burden
daemon@ATHENA.MIT.EDU (Dave Rand)
Fri Apr 29 05:08:06 2005
From: dlr@bungi.com (Dave Rand)
Date: Fri, 29 Apr 2005 02:07:17 -0700
In-Reply-To: "Steve Sobol"'s message on Apr 28, 10:20.
To: "Steve Sobol" <sjsobol@JustThe.net>,
Mark Newton <newton@internode.com.au>
Cc: "Owen DeLong" <owen@delong.com>,
"Bill Stewart" <nonobvious@gmail.com>,
"North American Networking and Offtopic Gripes List" <nanog@nanog.org>
Errors-To: owner-nanog@merit.edu
[In the message entitled "Re: Schneier: ISPs should bear security burden" on Apr 28, 10:20, "Steve Sobol" writes:]
> There are some basic rules of thumb you can use. The problem is that they're
> not guaranteed to work. The best solution was created years ago (Gordon
> Fecyk's DUL, which lists IP ranges the ISPs specifically register as
> dynamic/not supposed to host servers) and eventually came under the purview of
> Kelkea/MAPS, but there wasn't a ton of ISP buy-in. If we could create a
> similar list and actually get ISPs to register the appropriate netblocks (and
> not mix in IPs where servers are allowed, and IPs where they aren't, in the
> same block), that'd be great.
Dunno what a ton of ISP buy-in is, but the MAPS DUL now contains about
190,000,000 entries. We've been working on it very hard for the last year or
two. Most ISP-level subscribers figure it stops a pretty large percentage of
the compromised-home-computer spam.
--
