My inbox overflows with complaints about the analogy
and, undoubtedly, you think your isp should block that traffic. :-)/2
Hopefully, the appliances (e.g. MS Windows) will get better over time, but in the meanwhile, how do we limit the damage?
If user education is the answer, then let the user get educated enough to figure out he's NAT'ed and proxied, and then ask to have the raw IP service.
how is the user going to know the brokenness you net vigilantes propose to impose from the brokenness the other miscreants impose?

tell us, john, when you were at xo and gt&e, how much did you educate your users as to the perils of running open; how much education and notification did you give them about applying security patches; ...?

perhaps before we screw 'em we could give 'em a bit of sex ed?

just to bore you, i'll repeat a bit from a couple of days ago.

randy

---

From: Randy Bush <randy@psg.com>
Date: Fri, 11 Jun 2004 16:37:27 -0700
To: Henry Linneweh <hrlinneweh@sbcglobal.net>
Cc: nanog@merit.edu
Subject: RE: Even you can be hacked

yes, we're gonna hack desperately for a decade to make up for asecure (innocent of, as contrasted with devoid of, security) application protocols and implementations. it'll take half that time for the ivtf and the vendors to realize how deeply complexity is our enemy. and until then we'll hack everywhere in our desperation.

but in the long run, i don't think we can win with an active middle. the problem is that the difference between good traffic and bad traffic is intent. did the sender intend to send / reveal those data? did the recipient wish to receive them? and, i don't think we can stand in the middle and judge. and there's the rub. ...