North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Schneier: ISPs should bear security burden

  • From: Owen DeLong
  • Date: Wed Apr 27 16:12:47 2005 
--On Wednesday, April 27, 2005 11:08 AM -0700 Dan Hollis <[email protected]>
wrote:

> On Wed, 27 Apr 2005, Owen DeLong wrote:
>> Strangely, for all the FUD in the above paragraph, I'm just not buying
>> it. The internet, as near as I can tell, is functioning today at least
>> as well as it ever has in my 20+ years of experience working with it.
> 
> You must not have used it much in those 20 years. I can definitely say 
> worms, trojans, spam, phishing, ddos, and other attacks is up several 
> orders of magnitude in those 20 years. Malicious packets now account for 
> a significant percentage of all ip traffic. Eventually I expect malicious 
> packets will outnumber legitimate packets, just like malicious email 
> outnumbers legitimate email today.
> 
All of that is true.  However, I don't define functioning internet in
terms of the lack of these things.  I define it in terms of when I
try to get a connection from my point A to far-end point B, what
is the loss and/or failure rate of the desired traffic.  From that
perspective, in my experience, things are better today than they
ever have been.

> As long as the environmental polluter model continues to be championed
> and  promoted on nanog (of all places), the problem will only get worse.
> 
I'm not attempting to encourage the environmental polluter model.  However,
making making the guy that owns the pipeline responsible for the chemical
plant 200 miles away that is polluting the product provided to him by
the water production company still doesn't make sense to me.  You have
to make the chemical plant responsible, or, the problem just keeps getting
more expensive.  My point is we need to look to solve problems, not symptoms
of problems.

Transit solutions to end-node problems are costly and progressively less
effective over time.

Owen


-- 
If it wasn't crypto-signed, it probably didn't come from me.

Attachment: pgp00031.pgp
Description: PGP signature