North American Network Operators Group


Re: Schneier: ISPs should bear security burden

  • From: Mark Andrews
  • Date: Sun May 01 21:41:57 2005

In article <[email protected]> you write:
>
>[In the message entitled "Re: Schneier: ISPs should bear security
>burden" on May  1, 12:25, "Jay R. Ashworth" writes:]
>> Ok, so here's a question for your, Dave:
>> 
>> do you have a procedure for entertaining requests to be excluded from
>> your replies from people with legitimate needs to operate MTA's, who
>> have been given (let us say) static addresses by their providers which
>> fall within a range you understand to be dialup?
>> 
>> (I'm assuming you include cable and DSL end-user address pools; this is
>> the sort of thing I'm asking about.)
>
>Of course, Jay.
>
>First off, static addresses don't belong on the DUL (unless the ISP
>chooses to list them).  
>
>Second, any address can be removed by the ISP (even if it is a /32 in
>the middle of an otherwise all dynamic /16).  End-users are directed
>to have their ISP contact us, as we *do not* take the end-users word
>for it.
>
>A quick note to [email protected] will get it handled.

	Actually I think there are multiple classes in DUL.

	1.  unfiltered addresses dynamic
	2.  unfiltered addresses static
	3.  ISP filtered addresses dynamic
	4.  ISP filtered addresses static

	Most people using DUL for blocking want to detect the
	unfiltered addresses.  Filtered address space poses no more
	risk than any space not on the DUL and may in fact pose less
	risk as you know that requires a deliberate act by the ISP
	to allow outgoing SMTP connections.

	What's needed is two lists.  One for the unfiltered and a
	second for the filtered addresses.  The second one can be
	used as a white list for those who insist on using name-patterns
	to block addresses.

	We already have evidence in this thread of one person using DUL
	as a white list.

	By continuing to lump filtered and unfiltered addresses together
	you are throwing out the baby with the bath water.

	I don't see the need to distinguish between static and dynamic
	addresses.  All address space can be classed as static / dynamic
	depending upon the time frame the address use is measured over.

	Mark
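The two-list split Mark proposes, as an added illustration that is not part of the original post or of any real DUL: an inbound-SMTP policy that consults a hypothetical "filtered" zone as a whitelist (overriding PTR name-pattern blocking) and a hypothetical "unfiltered" zone as a blocklist. Zone names, address ranges and the ISP-removed /32 are constructed sample data, and the DNS lookup is replaced by an in-memory range check.

```python
import ipaddress
import re

# Constructed sample data, not real DUL contents. Zone names are hypothetical.
UNFILTERED_DUL_ZONE = "unfiltered-dul.example"  # dynamic pools, no outbound-25 filter at the ISP
FILTERED_DUL_ZONE = "filtered-dul.example"      # pools where the ISP blocks outbound SMTP
ZONES = {
    UNFILTERED_DUL_ZONE: ["192.0.2.0/24"],
    FILTERED_DUL_ZONE: ["198.51.100.0/24"],
}
# An ISP-requested /32 removal in the middle of an otherwise dynamic block:
# addresses here are treated as not listed in either zone.
ISP_REMOVED = {"192.0.2.77"}

# Name patterns a site might use to guess "dynamic" from the PTR record.
DYNAMIC_PTR = re.compile(r"(^|[.-])(dyn|dhcp|dsl|cable|dial|ppp)[.-]", re.I)

def dnsbl_query_name(ip, zone):
    """Query name a real DNSBL lookup would use: reversed octets under the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone):
    """Stand-in for resolving dnsbl_query_name(ip, zone): True if a published
    range of that zone contains ip and the ISP has not had it removed."""
    if ip in ISP_REMOVED:
        return False
    addr = ipaddress.IPv4Address(ip)
    return any(addr in ipaddress.IPv4Network(net) for net in ZONES[zone])

def smtp_client_policy(ip, ptr_name):
    """Decide what to do with an inbound SMTP client using the two lists.
    Filtered space is a whitelist that overrides PTR-pattern blocking;
    unfiltered space is rejected; anything else is left to later checks."""
    if is_listed(ip, FILTERED_DUL_ZONE):
        return "permit"   # a connection from here required a deliberate act by the ISP
    if is_listed(ip, UNFILTERED_DUL_ZONE):
        return "reject"   # unfiltered dynamic pool
    if ptr_name and DYNAMIC_PTR.search(ptr_name):
        return "reject"   # name-pattern heuristic, consulted only when not whitelisted
    return "dunno"        # no opinion; let the remaining restrictions decide
```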