[Dshield] Possible solution for ISP (was DShield's public goals)

Laura Vance vancel at winfreeacademy.com
Fri Jan 13 16:08:31 GMT 2006


Valdis.Kletnieks at vt.edu wrote:

>On Thu, 12 Jan 2006 11:07:28 CST, Laura Vance said:
>
>  
>
>>Actually it only blocks for those on the infected ISP *if* the other 
>>ISPs do use the ISP block as a means to convince the other ISPs to 
>>follow suit.
>>    
>>
>
>So this works just great if 99% of the ISPs are participating.
>
>How well does this work if only 25% are participating?  They just cut
>themselves off from the 75% of the non-participants....
>
>This is known as a "bootstrap problem" - any scheme that provides a negative
>benefit until an overwhelming majority deploy it will not deploy in the real
>world, because no provider wants to take the hit of being in the first 10%,
>or 25%, or 60% of sites to deploy....
>  
>
This question has already been addressed earlier in this thread, but 
I'll answer it again.

The ISPs don't have to start blocking until a majority of ISPs are 
onboard with the system.  The rest of the system would be fine, and they 
wouldn't even have to kick the user off if Cefiar's suggestion was used 
about limiting the infected machine to only run utilities to repair it 
before their link is opened back up fully.  It would also serve as a 
notification that the user is infected... and, most importantly, it 
could be mostly automated.

The basic idea is very flexible, but it seems that all you are trying to 
do is dismiss it or shoot it down with statements that have already been 
addressed.  If you spent the same effort helping to cultivate the idea 
it would become a better system that could have ISPs jumping onboard.

-- 
Thanks,
Laura Vance
Systems Engineer
Winfree Academy Charter Schools




More information about the list mailing list