North American Network Operators Group


Re: NANOG meeting subject of attack? Hmmmm....

  • From: Forrest W. Christian
  • Date: Wed Feb 09 01:59:15 2000

Just my $0.02...

(please don't flame me saying we already have this if people would ingress
filter, etc., I'm just trying to throw some "pie in the sky" so to
speak)

(Flames for being off-topic on nanog are, of course, welcome and
expected - regardless of if I'm off topic or not.)

A LOT of things would be easier if we could tag everything with some sort
of unique origin.   Yes, source address verification provides this
(ingress filtering).

If I could definitely say that "this attack originated on ISP x's
network" or "this spam came from ISP x's customer" and so on, and I had
enough information that I could hand ISP x the "session id" or something
like that and they could track it back to the customer, then this would
make nailing these creeps easier.

I have for a long time thought that it might be cool to do something with
SMTP so that each customer authenticates to the ISP and all the ISPs
authenticate to each other.   That way, spam could be tracked to the
definite origin ISP and the origin ISP could track it back to the
customer.  You could then say "I'm only going to talk to other sendmails
which will identify themselves using the xxx trust protocol." That way, you
can effectively guarantee that all mail can be tracked back to the source.

Some people would raise the privacy issue.

First of all, you're already trusting your ISP with your privacy.  The
type of thing I'm suggesting is something that the public could only track
back to the origin ISP and the origin ISP would have to track it to the
customer, and/or make the determination whether to release the information
or not or to terminate the user or not, or to do nothing or not.   That
way, if you're posting "anonymously" to a usenet group, your ISP might
find out, but unless the ISP makes it "public" no one else could find out.

Ok, now I've really rambled on here....  Maybe one more paragraph.

I think that maybe the real thing I'm suggesting is some sort of "web of
trust" kinda like the bofh (or maybe better yet usenet 2) usenet feed,
where everyone in the "web of trust" has to follow the rules and if they
don't they can be removed.  Eventually, you can say "I'm only listening to
AS's which are on the "clean list" which means they at least follow the
anti-spoof provisions of the RFC."

The real question would be how to get something like this going and since
IANAL, whether the lawyers would have a heyday with this.

- Forrest W. Christian ([email protected]) KD7EHZ
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604      http://www.imach.com
Solutions for your high-tech problems.                  (406)-442-6648
----------------------------------------------------------------------