On 7/31/2013 4:29 PM, Blake Dunlap wrote:
It works better to fix the design issues than to play whack a mole by blocking every imaginable service to your customers that responds to the public with data larger than a FIN. Like getting their providers to more proactively police their spew, manufactures to stop making negligent devices, or implementing more intelligent filter communication so the only option doesn't begin with calling your provider and asking them over the phone to block X ip for you since you're off the internet.
Maybe even look into liability laws for allowing said attacks to originate from your customers and not doing anything about it, or being manufacturer of said devices that harm others through their lack of due diligence implementing proper security. It's still way more effective than trying to fix the *last instance* of the problem, instead of it's reasons for enduring as an issue at a global scale.
The first time I became a pariah on NANOG was for postulating precisely that view--that if the originators of problems would stop, we would not have to figure out how to clean up after them. But I am past that now and out of work. But it does occur to me for the first time that I can recall, that maybe the tremendous efforts to Get Control Of The Intertubes could be suckered into doing some good, say be establishing a certification authority to test and certify the safety of designs (is Scott B????? still around) and devise a way to not permit traffic from uncertified devices or configurations. But after years of research I will tell you that there is no way to stop an avalanche once it has been released at the source. -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. (Adapted from Stephen Pinker)