North American Network Operators Group


Re: "Default" Internet Service

  • From: Matthew Sullivan
  • Date: Sun Jun 13 19:07:31 2004

Christopher L. Morrow wrote:

On Sat, 12 Jun 2004, John Curran wrote:


The real challenge here is that the "default" Internet service is
wide-open Internet Protocol, w/o any safeties or controls. This
made a lot of sense when the Internet was a few hundred sites,
but is showing real scaling problems today (spam, major viruses,
etc.)

One could imagine changing the paradigm (never easy) so that
the normal Internet service was proxied for common applications
and NAT'ed for everything else... This wouldn't eliminate all the
problems, but would dramatically cut down the incident rate.

This sounds like a fantastic idea, for instance: How much direct IP does
joe-average Internet user really require? Do they require anything more
than imap(s)/pop(s)/smtp(+tls) and dns/http/https ? I suppose they also
need:
1) internet gaming
2) voip
3) kazaa/p2p-app(s)-of-choice
4) IM

Actually I'm sure there are quite a few things they need, things which
require either very smart NAT/Proxy devices or open access. The filtering
of IP on the broad scale will hamper creativity and innovation. I'm fairly
certain this was not what we want in the long term, is it?

I actually suggested something like this at the recent AusCERT 2004 conference... It's not such a bad idea....

The real question being "why are we giving mums and dads who sign up to the Internet, and know nothing about either the Internet or computers, full unrestricted incoming and outgoing access...?" ... answer because the more bandwidth they use the more the ISP earns... so the ISPs don't care (in some cases) if the mums and dads get trojaned, because it's all money.

My suggestion to the AusCERT delegates was to introduce a new default service which has very limited access, and if people ask for more, give them the access after they have read through various 'educational' pages.... Perhaps a simple online quiz at the end - just 3-5 questions with the answers being very clearly explained in the previous pages - just to show the people have actually read the pages, rather than skipped to the end and hit 'I accept'.

I also suggested that if ISPs have the technology perhaps a simple IP pools method of allocating the user's IP, where they could turn on and turn off access to certain protocols - e.g.: have a pool for P2P users, a pool for VOIP etc...

/ Mat