On Sat, 5 Aug 2006, Danny McPherson wrote:
Right, hence my point. By and large, SPs don't have the time or resources to police the greater Internet, and therefore, they respond in a very reactive fashion when some malicious activity *that* warrants action dictates. Taking out known botnet C&C infrastructure is more proactive and at least from my perspective, continues to yield a discernible impact.
Even assuming SPs had the time and the resources, it's not always clear what actions should be considered acceptable for SPs to do. If resources were the only issue, making this another "War on X" and throwing lots of money at the problem would be the answer. But that's not the right answer. People/customers seem to get just as upset with "proactive" SPs as they do with "unactive" SPs. Even if it was possible to run the Internet like the most secure closed corporate network, is that what people actually want? I know lots of vendors that would be more than happy to sell SPs lots and lots of security stuff to achieve that ;-)

Hopefully, by their nature SPs will always be a bit reactive. Unless I want them to, I don't want SPs messing with my traffic. It's my right to connect anything I want, send anything I want, do anything I want with my Internet connection. On the other hand, when I do complain I want the SP to instantly be able to stop anything I don't want, even when I don't know what it is, and be able to track every bad thing that ever happened even before I knew it was bad but not keep records of what anyone has done. And of course, I don't think I should pay extra for it.

Railroads have the railroad police. The Post Office has postal inspectors. Do we want to give ISP security the power to arrest people? There are probably some security officers at SPs that would love to bust some doors down and slap handcuffs on a few people.