From: Sean Donelan (no email)
Date: Sat Aug 05 2006 - 17:17:27 EDT
On Sat, 5 Aug 2006, Danny McPherson wrote:
> Right, hence my point. By and large, SPs don't have the time or
> resources to police the greater Internet, and therefore, they respond
> in a very reactive fashion when some malicious activity *that* warrants
> action dictates. Taking out known botnet C&C infrastructure is more
> proactive and at least from my perspective, continues to yield a
> discernible impact.
Even assuming SPs had the time and the resources, its not always clear
what actions should be considered acceptable for SPs to do. If resources
were the only issue, making this another "War on X" and throwing lots of
money at the problem would be the answer. But that's not the right
answer.
People/customers seem to get just as upset with "proactive" SPs as they do
with "unactive" SPs. Even if it was possible to run the Internet like the
most secure closed corporate network, is that what people actually want?
I know lots of vendors that would be more than happy to sell SPs lots and
lots of security stuff to achieve that ;-)
Hopefully, by their nature SPs will always be a bit reactive. Unless
I want them to, I don't want SPs messing with my traffic. Its my right
to connect anything I want, send anything I want, do anything I want with
my Internet connection. On the other hand, when I do complain I want the
SP to instantly be able to stop anything I don't want, even when I don't
know what it is, and be able to track every bad thing that every happened
even before I knew it was bad but not keep records of what anyone has
done. And of course, I don't think I should pay extra for it.
Railroads have the railroad police. The Post Office has postal
inspectors. Do we want to give ISP security the power to arrest
people? There are probably some security officers at SPs that
would love to bust some doors down and slap handcuffs on a few
people.
|
|
|