Re: A question for the list...
From: Steve Barnet (barnet_at_chem.wisc.edu)
Date: 05/21/03
- Previous message: Erik Fichtner: "Re: Scans from proxyprotector.com"
- Maybe in reply to: Dan Hanson: "A question for the list..."
- Next in thread: Gary Flynn: "Re: A question for the list..."
- Reply: Gary Flynn: "Re: A question for the list..."
To: incidents@securityfocus.com
Date: Wed, 21 May 2003 16:53:05 -0500
> We're talking about (a pound of) cure, how about (an ounce of)
> prevention?
>
> There seems to be consensus that (lack of) competence is part of the
> problem.. If ISPs would/could take on more responsibility, the need for
> hack-back would be greatly reduced, making discussion if it's nice or
> not futile, so maybe the following is even on topic ;-)
[snip]
> I am aware that most ISPs are operating within tight budgets, I am
> less aware of the impact of such a scheme on costs.
Very nasty: N customers x M ports. Customer changes admins and becomes
incompetent. Customer adds a platform and becomes incompetent. Customer
adds an admin and becomes competent. ...
It won't scale at all well.
>
> One benefit for the ISP would be a reduced load on abuse@.. A benefit
> for the customer would be reduced maintenance and clean-up costs. The
> benefits for the community are obvious.
>
> What do you think ?
This sounds good in principle, but I think it would ultimately
prove ineffective. There are the very obvious problems of
determining competence (suppose the ISP is not competent) and
resolving issues that are more social and organizational (and
hence ultimately political).
However, even assuming all of the hairy judgment issues could be
worked out, this would create a cost incentive to simply start
tunneling every protocol through port 80 (or one arbitrary port).
Given people's propensity to install arbitrary software from
random anonymous sources:

    From: support@microsoft.com
    Subject: Leet0 pr0xy 4 U

    See my file!
    -----Attachment
    naughty.pif

I doubt it would take long to reconstruct the existing problem.
And given the history with egress filtering which also has
obvious benefits for the community ...
Best,
---Steve