North American Network Operators Group

Re: Points on your Internet driver's license

  • From: Randy Bush
  • Date: Sun Jun 13 15:23:14 2004

> My inbox overflows with complaints about the analogy

and, undoubtedly, you think your isp should block that traffic.
:-)/2

> Hopefully, the appliances (e.g. MS Windows) will get better
> over time, but in the meanwhile, how do we limit the damage?

> If user education is the answer, then let the user get
> educated enough to figure out he's NAT'ed and proxied, and
> then ask to have the raw IP service.

how is the user going to know the brokenness you net vigilantes
propose to impose from the brokenness the other miscreants
impose?  

tell us, john, when you were at xo and gt&e, how much did you
educate your users as to the perils of running open; how
much education and notification did you give them about
applying security patches; ...?  perhaps before we screw 'em we
could give 'em a bit of sex ed?

just to bore you, i'll repeat a bit from a couple of days ago.

randy

---

From: Randy Bush <[email protected]>
Date: Fri, 11 Jun 2004 16:37:27 -0700
To: Henry Linneweh <[email protected]>
Cc: [email protected]
Subject: RE: Even you can be hacked

yes, we're gonna hack desperately for a decade to make up for
asecure (innocent of, as contrasted with devoid of, security)
application protocols and implementations.  it'll take half
that time for the ivtf and the vendors to realize how deeply
complexity is our enemy.  and until then we'll hack everywhere
in our desperation.

but in the long run, i don't think we can win with an active
middle.

the problem is that the difference between good traffic and
bad traffic is intent.  did the sender intend to send / reveal
those data?  did the recipient wish to receive them?

and, i don't think we can stand in the middle and judge.  and
there's the rub.

...