Re: [fw-wiz] Re: Anybody Recognize These Uploads?

From: Mike Hoskins (mike@adept.org)
Date: 01/03/03 

From: Mike Hoskins <mike@adept.org>
To: firewall-wizards@honor.icsalabs.com
Date: Fri Jan  3 15:51:01 2003

On Fri, 3 Jan 2003, Gary Flynn wrote:
> > It's easier to block a country, class A/B/C, etc. than it is to monitor,
> > inspect, track and resolve potential issues. Doing things simply because
> > they're easy, however, rarely leads to the desired result.
> Engineers and managers can no more "monitor, inspect, track, and
> resolve potential issues" brought on by connecting the world's
> population than can scientists, politicians, law enforcement, and
> religious leaders.

I understand your frustration, but somewhat disagree...

> An open network, like an open society, requires cooperative,
> educated members for it to function.

Precisely, and it is by help of these cooperative, educated members of
the Internet society (I know they're out there ;), or at least the network
(security) engineering society, that monitoring, inspecting, tracking and
resolving potential issues becomes possible.

The people I know choose access and hosting providers, for example, based
upon peer review. I.e. If Provider A has operations staff that is known
to help identify, track and resolve DoS/DDoS attacks then I'd rather be a
part of their cooperative, educated, helpful network society than Provider
B's who just blackholes a class C when one IP within the block is found to
be an open relay. (This is just one easy example. :)

I'm not arguing there's not a time and place for blackholing or other
action on the part of the admin, but I think some of these bandaids are
chosen too quickly without careful consideration of the potential
imlications. (Hey, that's life.) 

--
Mike Hoskins		This message is RFC 1855 compliant,
mike@adept.org		www.adept.org/pub/rfcs/rfc1855.html

Relevant Pages