[Dshield] Possible solution for ISP (was DShield's public goals)

David Cary Hart DShield at TQMcube.com
Tue Jan 10 18:16:02 GMT 2006


On Tue, 10 Jan 2006 09:56:19 -0600
Laura Vance <vancel at winfreeacademy.com> opined:
> 
> The problem with the bigger point is that in order to accomplish that 
> and still allow inbound traffic to those that want it, it puts a HUGE 
> load on the ISP to maintain the port/ip forwarding into their private IP 
> space.  Then if the ISP's refuse to do ingress NAT, it will punish those 
> of us that cannot afford a static IP at home, but choose to be a 
> responsible server administrator for projects outside of our jobs.  

Without doing a thorough study, I am reasonably certain that the problems
caused by home hobbyists running servers in residential space are statistically
insignificant.

I suspect (based upon what I have seen) that the majority of open relay and formmail problems
can be tracked to mediocre consultants to small businesses running Windows
servers. You need a license to catch a fish but anyone can f**k up the Internet
- and get paid for doing it.

A compromise is provided by closing the ports by default and opening
them upon request. I suspect that most of the compromised machine owners
wouldn't know the difference between port 25 and Interstate I95. The simple
proviso is that, if your machine is exploited, you lose the open port.

-- 
Our DNSRBL - 
           Eliminate Spam: http://www.TQMcube.com/spam_trap.php
   FSS v. AHBL SLAPP Suit: http://www.TQMcube.com/ahbl.php
          Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
            Zombie Graphs: http://www.TQMcube.com/zombies.php


More information about the list mailing list