North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Stupid Question: Network Abuse RFC?

  • From: Sean Donelan
  • Date: Mon Jan 14 02:23:30 2008


On Mon, 14 Jan 2008, Paul Ferguson wrote:
Instead of being an apologist for the problem, how would _you_
suggest we address these process, procedural, and organizational
issues?

If you look in the archives, in the past I've listed the things that seem to be needed for those organizations to succeed.

Over the years, I've worked with people to launch new groups, such as ISP-ISAC, INOC-DBA, NSP-SEC, GIAIS and a few more. Some more sucessful than others. Some won't admit me as a member anymore :-)

What are you trying to do?

Look at old security incident groups like CERT/CC, FIRST, NRIC and NSIE that have been around since the late 1980's/early 1990's.

Look at the middle-age groups like BORG, CIX, IOPS, ISPSEC, LINX, NANOG and RIPE. And a bunch of temporary Y2K groups.

Look at the new groups like APWG, DA/MWP/etc, DDOS-WG, GIAIS/MVI/VIA/SCP/MSSA,
MAAWG, NSP-SEC, SECSAC/RSSAC, lots of *-ISACs.

I left out the academic or government only groups, there are soo many.

If you want to share information, there are lots of ways to do it.
Information does tend to move between the groups, unless you explicitly
say don't share the information. The government folks are convinced
that industry leaks, while the industry folks are convinced that government leaks.


If you want to get people in a room so you can yell at them about the
lousy job they are doing, that's less useful.

Of course, in a few weeks, someone else will probably be yelling about
ISPs interfering with their right to do something or other.