Joe Shaw <jshawat_private> wrote:

<<generally accepted/understood stuff snipped>>

> The generally accepted model is to filter as close to the edge as
> possible, and most ISP's that I've dealt with seem to take this to mean
> it's your responsibility to do so. Remember, the NSP's job is to forward
> packets to you as fast as possible. Filtering will generally be your
> responsibility, not theirs. Personally, I'd much rather know what's
> coming at me so I can trend what people are trying to do against my
> network. It may be tedious to weed through, but just like Stoll's $.25
> accounting discrepancy, something in there might point to something you
> should be paying attention to.

Sure. As proved "useful" when something happened to grc.com recently, as documented at:

   http://grc.com/dos/grcdos.htm

But once you have worked out what's being done, what responsibility should your ISP/NSP take? And for how long?

Imagine you were being hit like grc.com (approx 500 machines firing 600+ MB of ping traffic and infinite other UDP rubbish at two T1s), but unlike Steve Gibson, you were unable to SE the perpetrators to stop... How many weeks would your domain have to be off the net before the FBI's (effective) $200,000 damages limit would be reached? And if the perps were minors and thus the "value" of a prosecution's outcome was not likely to meet the cost of the investigation and of bringing the prosecution? Maybe you'd have to wait five times that for your losses to hit a million? Or more???

The Internet's trust model is fundamentally broken in its current implementation as an open, public network. It always was, actually, as its protocols were designed as a system for interconnecting equally trusted systems... At what point (and how) are ISPs and NSPs to take what responsibility for not making that clear, up front, to their clients?

Regards,

Nick FitzGerald
This archive was generated by hypermail 2b30 : Sat Jun 02 2001 - 08:13:31 PDT