[Dshield] Possible solution for ISP (was DShield's public goals)

ed.truitt@etee2k.net ed.truitt at etee2k.net
Fri Jan 13 17:02:03 GMT 2006


Maybe, the reason we are bringing up statements you feel have already been
addressed is that we (some of us, anyway) aren't sure they have been adequately
discussed.

Actually, I think that some of us (at least one of us) aren't yet convinced this
is an idea we should be cultivating (I presume you mean "promoting it", but I
might be mistaken there.)  I see too many problems implementing this in the
real world (in which ISPs don't have the resources necessary to properly manage
their operations as they now stand, and in which this would be an easy "cop
out".)  I simply see too many possible problems with the proposal as I
understand it, and I see a high probability that the ISPs would implement it in
such a manner as to minimize their own costs (for example:  only Windows
machines would be allowed - OK, maybe Macs, but Linux and other non-MS
operating systems would be strictly verboten, and forget about running security
software they don't "support".)

There certainly could be some benefit to ISPs in limiting access to machines
that appear to be infected (as per Cefiar's suggestion), but I think they could
do this without a "Do Not Let Surf" TSA watch list-style database (and all the
extra administrative overhead that would entail -- because SOMEONE has to vet
the data, or else it becomes stale and unreliable.)  Maybe something like the
ORDB could be adopted, but again I would counsel caution, as it would be too
easy to null route "bad" users forever, which would again defeat the purpose of
the system.

Cheers,
-EdT.

Quoting Laura Vance <vancel at winfreeacademy.com>:

> The basic idea is very flexible, but it seems that all you are trying to
> do is dismiss it or shoot it down with statements that have already been
> addressed.  If you spent the same effort helping to cultivate the idea
> it would become a better system that could have ISPs jumping onboard.



