Re: A question for the list...

From: Steve Barnet (barnetat_private)
Date: Wed May 21 2003 - 14:53:05 PDT

Next message: Matt LaFelero: "Possible Intrusion Attempt?"

Previous message: Erik Fichtner: "Re: Scans from proxyprotector.com"
Next in thread: Gary Flynn: "Re: A question for the list..."
Next in thread: King, Brian: "RE: A question for the list..."
Reply: Gary Flynn: "Re: A question for the list..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>  We're talking about (a pound of) cure, how about (an ounce of)
> prevention?
> 
>   There seems to be consensus that (lack of) competence is part of the
> problem.. If ISP's would/could take on more responsibility, the need for
> hack-back would be greatly reduced, making discussion if it's nice or
> not futile, so maybe the following is even on topic ;-)

[snip]

>   I am aware that most ISP's are operating within tight budgets, I am
> less aware of the impact of such a scheme on costs. 

Very nasty: N customers x M ports. Customer changes admins and becomes 
incompetent. Customer adds a platform and becomes incompetent. Customer 
adds an admin and becomes competent. ...

It won't scale at all well.
 
> 
>   One benefit for the ISP would be a reduced load on abuse@.. A benefit
> for the customer would be reduced maintenance and clean-up costs. The
> benefits for the community are obvious.
> 
>   What do you think ?

This sounds good in principle, but I think it would ultimately 
prove ineffective. There are the very obvious problems of 
determining competence (suppose the ISP is not competent) and 
resolving issues that are more social and organizational (and 
hence ultimately political).

However, even assuming all of the hairy judgment issues could be 
worked out, this would create a cost incentive to simply start 
tunneling every protocol through port 80 (or one arbitrary port). 
Given people's propensity to install arbitrary software from 
random anonymous sources:

From: supportat_private
Subject: Leet0 pr0xy 4 U
See my file!
-----Attachment
naughty.pif

I doubt it would take long to reconstruct the existing problem.

And given the history with egress filtering which also has 
obvious benefits for the community ...

Best,

---Steve




----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------

Next message: Matt LaFelero: "Possible Intrusion Attempt?"
Previous message: Erik Fichtner: "Re: Scans from proxyprotector.com"
Next in thread: Gary Flynn: "Re: A question for the list..."
Next in thread: King, Brian: "RE: A question for the list..."
Reply: Gary Flynn: "Re: A question for the list..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 22 2003 - 12:04:58 PDT