Re: ISP Filtering (Survey of Sorts)

From: Brett Glass (brettat_private)
Date: Fri Jun 01 2001 - 20:20:24 PDT


    At 11:09 AM 5/31/2001, McCammon, Keith wrote:
      
    >A few questions:
    >
    >1) Does anyone know of a list of known security-conscious ISPs (for larger
    >corporate circuits) that are known for providing basic security services
    >(ingress/egress filters, RFC1918's, and client-specific filter requests) to
    >customers without hassle?
    
    LARIAT, which is a non-profit community network, will do this for members
    upon request (and we do it automatically for members using the dial-ups).
    However, our business members with high-speed links often want to take 
    responsibility for their own destinies. If so, we let them. 
    
    We still do some monitoring, though. It's scary how frequently a small 
    business will get a hotshot employee who claims to know his network
    administration but really knows just enough to put the company in grave
    danger. Usually, he'll put up a brand-spanking-new NT/Win2000 box and/or 
    a vulnerable version of Linux... and is hit by hackers or the Ramen worm, 
    respectively, in short order. If we see that this has happened, we
    reserve the right to block the packets or shut down the link.
    
    >2) Does anyone else have an ISP that, by policy, will not filter upstream?
    >I've got Verizon, and I've been having some infrequent correspondence with
    >them regarding filtering and it has been denied all the way up the chain.
    >I'm getting kind of tired of seeing thousands of matches on my access-lists
    >against RFC1918 rules and such that I would assume should be filtered by any
    >semi-responsible ISP.
    
    There are a few "IP purists" who believe that the Net should be as dumb
    as possible in order to be fast. They're mainly left over from the days
    of the friendly, academic Internet where no accountability was required
    because folks were well-behaved. In real life, of course, we don't fire
    all of our policemen just because we have locks on our doors.
    
    --Brett
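
An added example, not part of the original message or of either correspondent's configuration: the ingress/egress and RFC1918 source checks discussed in this thread, written as a decision function and run over constructed packets. The customer prefix (192.0.2.0/24), the sample addresses and all function names are assumptions for illustration.

```python
import ipaddress
from collections import Counter

# RFC 1918 private blocks: never valid as a source address on a public link.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: the prefix the ISP assigned to this customer (documentation range).
CUSTOMER_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]


def in_any(addr, nets):
    return any(addr in net for net in nets)


def filter_decision(direction, src):
    """Decide what an edge filter does with a packet, by source address.

    direction: "in"  = arriving from upstream, heading to the customer
               "out" = leaving the customer, heading upstream
    Returns (action, reason).
    """
    addr = ipaddress.ip_address(src)
    if in_any(addr, RFC1918):
        return ("deny", "rfc1918-source")
    # Inbound traffic claiming to come from the customer's own block is spoofed.
    if direction == "in" and in_any(addr, CUSTOMER_PREFIXES):
        return ("deny", "spoofed-own-prefix")
    # Egress filter: only the assigned prefix may leave the customer link.
    if direction == "out" and not in_any(addr, CUSTOMER_PREFIXES):
        return ("deny", "source-not-assigned")
    return ("permit", "ok")


# Constructed sample traffic: (direction, source address).
SAMPLE = [
    ("in", "10.1.2.3"), ("in", "172.31.255.1"), ("in", "172.32.0.1"),
    ("in", "192.168.0.7"), ("in", "192.0.2.10"), ("in", "198.51.100.5"),
    ("out", "192.0.2.44"), ("out", "198.51.100.9"), ("out", "192.168.1.20"),
]


def summarize(packets):
    """Tally filter reasons, like reading match counters on an access list."""
    return Counter(filter_decision(d, s)[1] for d, s in packets)


if __name__ == "__main__":
    for reason, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {reason}")
```
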
    


