Seriously though- why do we keep blaming the infrastructure for the mind boggling stupidity of users?
There will always be users that don't understand technology. You call them stupid, I call them mom & dad, brother & sister. If you maintain the attitude that it is the 'stupid' users fault the Internet is insecure then you will never see a secure Internet. The Infrastructure must be able to protect itself from its users. It isn't that hard to throw a outbound port 25 filter on your edge and force all of your users to send mail through your mail server. It isn't that hard to require SMTP_AUTH for all mail transactions on that server. It also isn't that hard to deploy a snort box to look for 'bad' traffic and kick the users PPPoE session offline. We need a 'drivers license' for the 'information super highway' companies/ISPs must be able to show a certain level of competency before they can buy bandwidth from the 'Internet'. If they don't have that competency then they need to purchase it from an ISP that can provide the competency. It is the ISPs job to protect the network from its users (IMHO). If it really concerns you, protect your corner of the IP world, run an IDS find the 'bad' traffic and dynamically update your BGP sessions to null route the ASNs you don't feel 'do the right thing'. If you get good enough at it maybe you could publish a eBGP feed of the 'ASNs I don't like' and people can subscribe to it. Sure there will be some pain, but when you swing a big axe, there is bound to be some blood. -Matt -- Matthew S. Crocker President Crocker Communications, Inc. Internet Division PO BOX 710 Greenfield, MA 01302-0710 http://www.crocker.com