nanog mailing list archives
Re: GRC rides again...
From: Stephen Kowalchuk <skowalchuk () diamonex com>
Date: Mon, 02 Jul 2001 11:39:54 -0400
There are some basic protections an ISP can take, but really what Gibson is crying about is an end-node security problem. What can ISPs do? Doesn't their ability to add value to the security equation revolve around each ISP performing its role in the process of routing and distributing packets, no more and no less? Aside from removing spoofed packets, performing ingress and egress filtering, and responding to direct customer and supplier needs, I don't see anything else an ISP itself can do. One caveat to the above: I don't buy all this bullshit about "peering" vs. "customer/supplier" relationships. If you send a packet to a network, you are that network's supplier and should be willing to act in a supplier's capacity. If you receive a packet from a network, you are that network's customer and should be willing to act as a customer. If you are doing both, then you have to put on both hats as needed and step up to take responsibility for the business arrangement as it is. Hiding behind peering agreements to ignore problems or blame the other party solves nothing. Lack of security clue on the part of an end-node is an end-node's problem. If all the people who run Windows boxes suddenly went to RedHat 7, we'd have a mass of lpd, wu-ftpd, rpc.statd and similar problems. The solution lies with education of the ignorant masses on the basics of security. While this is not an ISP's responsibility, those immediately upstream of end-nodes may want to offer it as a value-added service. It would appear there is certainly a market. My $0.02. -- -------------------------------------------------------------------------- Stephen Kowalchuk skowalchuk () diamonex com Diamonex, Incorporated Letting go does not mean you stop making decisions. You simply stop fighting where the decisions lead you. --------------------------------------------------------------------------
Current thread:
- Re: GRC rides again..., (continued)
- Re: GRC rides again... Roland Dobbins (Jul 02)
- RE: GRC rides again... Mike Batchelor (Jul 02)
- Re: GRC rides again... Valdis . Kletnieks (Jul 02)
- Re: GRC rides again... Scott Francis (Jul 02)
- RE: GRC rides again... Roeland Meyer (Jul 02)
- RE: GRC rides again... Dave Israel (Jul 02)
- Re: GRC rides again... David Howe (Jul 02)
- RE: GRC rides again... Roeland Meyer (Jul 02)
- RE: GRC rides again... Ron Buchalski (Jul 02)
- Re: GRC rides again... Ron Buchalski (Jul 02)
- Re: GRC rides again... Stephen Kowalchuk (Jul 02)
- Re: GRC rides again... David Howe (Jul 02)
- RE: GRC rides again... Benny Fischer (Jul 05)
- Re: GRC rides again... auto261850 (Jul 02)
- Re: GRC rides again... Owen DeLong (Jul 02)
- RE: GRC rides again... Roeland Meyer (Jul 02)
- RE: GRC rides again... Roeland Meyer (Jul 02)