Re: Broadband routers and botnets - being proactive

[Ian Mason <nanog () ian co uk>]

On 16 May 2007, at 00:53, Joel Jaeggli wrote:

> [snip]

> The thing is it would be really nice to have some functional  
> separation
> between the business of this list which is operating a network, and  
> the
> security focused lists, and the botnet/phishing/spam lists, addressing
> policy lists, the internet standards list, and so forth.

While there persists an attitude that security isn't a core part of
running a network there will continue to be insecure networks flooded
with spam, phishing, botnets et al. I've been running wide area networks
since 1995 and I've always seen security as an operational network issue
and moreover I find incomprehensible an attitude that sees it otherwise.

> You and I and lots of other people on this list are on on many or  
> all of
> those sorts of lists. While cross-pollination is acceptable and in  
> fact
> desired dragging the business of one group of community interests  
> in to
> the domain of another is not appropriate.
>
> In the particular case of Gadi, I resent the persistent grandstanding
> and offers of assistance and assurances that's he's on the job. That's
> essentially all advertising for his consulting business and I don't
> think it's appropriate on this list. I for one do not flog the  
> products
> of my employer on this list, nor do you, or most other people who
> participate.

While Gabi is voluble I don't concur. I've never formed the impression
that he's advertising anything other than the problem or some [possible]
solutions. I've certainly never felt he was advertising his paid  
services
- so much so that this is the first time I was explicitly aware that he
offers paid consultancy in this area, if that is indeed the case.

> I tolerate this sort of behavior  in the security arena (read  bugtrac
> these days) though I resent the fact that it's de rigeur in the space
> for many disclosures to essentially be advertising for the consultants
> doing the work, virus updates are advertising for anti-virus  
> companies etc.
>         

[snip]

Can I please make a [probably futile] request.

If someone thinks something is off-topic but the subject matter is even
conceivably marginally on-topic - just skip the post. Don't start a long
discussion of the relevance. Inevitably the discussion of topicality  
takes up
more time and attention than the original subject would have.  
Whenever I see
this happen I always suspect that the operational issue is really  
that the
complainants don't have enough real operational work to do and I wish  
I had
their cushy job.