North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Schneier: ISPs should bear security burden
Bill Stewart wrote: Which would be great if cable/DSL providers offered some insight into which of their netblocks should be blocked and which shouldn't, but that generally isn't the case, so by blocking a certain ip or /24 or whatever, I don't know if I'm blocking customers whose TOS allows them to run servers, or even perhaps blocking Internet-facing servers run by the provider.You could solve 90% of the problems that you perceive are being caused by unrestricted cable modem users by using blocklists to ignore traffic from them. (Aside from other valid issues mentioned in a reply that apparently hasn't hit nanog yet) As somebody who picked a DSL provider specifically because it allows me to run any kind of server I want What's rDNS for the ip address(es) assigned to you? I'm not in favor of mindless blocking of entire netblocks that may contain stuff that should not be blocked, but broadband providers are notorious for (e.g.) lumping residential customers that can be blocked, with no collateral damage, in the same netblocks as business customers who need to run Internet facing servers, and (e.g.) not providing an easy way to differentiate between the two classes of customer in the first place.I'm not highly in favor of blocking traffic from broadband users and killing the end-to-end principle that makes the Internet work, -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / [email protected] / PGP: 0xE3AE35ED "The wisdom of a fool won't set you free" --New Order, "Bizarre Love Triangle"
|