At 11:09 AM 5/31/2001, McCammon, Keith wrote: >A few questions: > >1) Does anyone know of a list of known security-conscious ISP's (for larger >corporate circuits) that are known for providing basic security services >(ingress/egress filters, RFC1918's, and client-specific filter requests) to >customers without hassle. LARIAT, which is a non-profit community network, will do this for members upon request (and we do it automatically for members using the dial-ups). However, our business members with high-speed links often want to take responsibility for their own destinies. If so, we let them. We still do some monitoring, though. It's scary how frequently a small business will get a hotshot employee who claims to know his network administration but really knows just enough to put the company in grave danger. Usually, he'll put up a brand-spanking-new NT/Win2000 box and/or a vulnerable version of Linux... and is hit by hackers or the Ramen worm, respectively, in short order. If we see that this has happened, we reserve the right to block the packets or shut down the link. >2) Does anyone else have an ISP that, by policy, will not filter upstream? >I've got Verizon, and I've been having some infrequent correspondence with >them regarding filtering and it has been denied all the way up the chain. >I'm getting kind of tired of seeing thousands of matches on my access-lists >against RFC1918 rules and such that I would assume should be filtered by any >semi-responsible ISP. There are a few "IP purists" who believe that the Net should be as dumb as possible in order to be fast. They're mainly left over from the days of the friendly, academic Internet where no accountability was required because folks were well-behaved. In real life, of course, we don't fire all of our policemen just because we have locks on our doors. --Brett
This archive was generated by hypermail 2b30 : Sat Jun 02 2001 - 07:15:59 PDT