[Dshield] Possible solution for ISP (was DShield's public goals)

Sean Smith ssmith at kwqc.com
Fri Jan 13 17:01:50 GMT 2006

It's funny because whenever I think of getting a bunch of providers to
do anything, I think back to the mainstreaming of MIDI... 

Corporations met time and time again, each with their own ideas and
configurations.. None of them were willing to budge.. But somehow we
ended up with General MIDI. It was like pulling teeth and took YEARS for
them to come up with a standard, let alone practical application...

See any parallel lines?? :) 

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Fergie
Sent: Friday, January 13, 2006 10:51 AM
To: list at lists.dshield.org
Subject: Re: [Dshield] Possible solution for ISP (was DShield's public

Obviously, you've never worked with ISPs -- getting a 'majority'
of them to do anything is, like, difficult. And I'm being generous
here...  ;-)

I mean, even a 'Best Current Practice' such as RFC2827/BCP38 (of which I
am a coauthor) hasn't been widely adopted and implemented by a
'majority' of ISPs, and everyone agrees that it needs to be done.

- ferg

-- Laura Vance <vancel at winfreeacademy.com> wrote:


The ISPs don't have to start blocking until a majority of ISPs are
onboard with the system.  The rest of the system would be fine, and they
wouldn't even have to kick the user off if Cefiar's suggestion was used
about limiting the infected machine to only run utilities to repair it
before their link is opened back up fully.  It would also serve as a
notification that the user is infected... and, most importantly, it
could be mostly automated.

The basic idea is very flexible, but it seems that all you are trying to
do is dismiss it or shoot it down with statements that have already been
addressed.  If you spent the same effort helping to cultivate the idea
it would become a better system that could have ISPs jumping onboard.

Laura Vance
Systems Engineer
Winfree Academy Charter Schools


"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg at netzero.net or fergdawg at sbcglobal.net
 ferg's tech blog: http://fergdawg.blogspot.com/
