Re: Re: Anybody Recognize These Uploads?

[Mike Hoskins <mike () adept org>]

On Fri, 3 Jan 2003, Gary Flynn wrote:
> > It's easier to block a country, class A/B/C, etc. than it is to monitor,
> > inspect, track and resolve potential issues.  Doing things simply because
> > they're easy, however, rarely leads to the desired result.
> Engineers and managers can no more "monitor, inspect, track, and
> resolve potential issues" brought on by connecting the world's
> population than can scientists, politicians, law enforcement, and
> religious leaders.

I understand your frustration, but somewhat disagree...

> An open network, like an open society, requires cooperative,
> educated members for it to function.

Precisely, and it is by help of these cooperative, educated members of
the Internet society (I know they're out there ;), or at least the network
(security) engineering society, that monitoring, inspecting, tracking and
resolving potential issues becomes possible.

The people I know choose access and hosting providers, for example, based
upon peer review.  I.e. If Provider A has operations staff that is known
to help identify, track and resolve DoS/DDoS attacks then I'd rather be a
part of their cooperative, educated, helpful network society than Provider
B's who just blackholes a class C when one IP within the block is found to
be an open relay.  (This is just one easy example.  :)

I'm not arguing there's not a time and place for blackholing or other
action on the part of the admin, but I think some of these bandaids are
chosen too quickly without careful consideration of the potential
imlications.  (Hey, that's life.)

--
Mike Hoskins            This message is RFC 1855 compliant,
mike () adept org               www.adept.org/pub/rfcs/rfc1855.html

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards