GR> Date: Mon, 14 Jun 2004 21:47:49 -0400
GR> From: George Roettger

GR> Virus infections are a day to day occurrence, not some

And being the status quo justifies something how?

GR> critical emergency DOS condition and they should be handled
GR> with concern but not panic. Customers are the priority, not
GR> everyone else on the net. If you can't stand up to 4 port
GR> probes then you don't belong on today's internet.

Four port probes per day? It's been the better part of a decade
since I saw that... and, back in those days, I actually _called_
many of the domestic networks that were attempting funny business.
(You'd not believe how many network admins were on vacation...)

Rather than waving my hands at vague concepts, I'll set forth a few
hypothetical data points:

* You have an infected machine that has absolutely no chance of
  harming anyone else. Should you care? ("Yes" reflects concern
  about the customer; "no" is the Internet-minded attitude.) At
  any rate, disconnection would be foolish.

* That customer will infect one other system per month. It would
  be nice to stop that, but disconnection would be overly harsh.

* I have an infected machine that pounds out attacks and exploits
  at high speeds, hurting thousands of systems hourly. Would you
  like it shut off? Probably. Do you not agree that this is
  grounds for disco/throttling/proxy -- at least temporarily?

If you don't agree with me on the extremes, I think you're nuts. If
you agree with me on the extremes, then we're arguing over where the
boundaries should be.

The problem is one of leverage: One compromised system can affect
hundreds, thousands, or even tens of thousands of others. It's far
easier to quell _one_ infected system at the source than it is for
even two (let alone orders of magnitude higher) other people to deal
with the fallout when they're hit.

Is your { customer | time | whatever } more valuable than the
aggregate of those who suffer? If you think so, that's arrogant even
for NANOG.

Yes, we've lost customers who refused to take care of their systems.
We've also gained other customers and consulting clients who
appreciate the "try to keep things clean" mentality.

Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.