Re: Stupid Question: Network Abuse RFC?
-- Sean Donelan <sean@donelan.com> wrote:
MAAWG is useful for particular subjects, not as useful for other subjects. I expect the same will be true for any forum.
What is the appropriate mechanism within NANOG?

I mean, given previous topics covered in the NANOG security BoFs, it would appear that a lot of attention has been given to statistical analysis of DDoS flows traffic, securing infrastructure, etc. -- all of which are honorable & desired goals.

But what about involvement of incident reporting (and responding?), that is inclusive of the Internet community at-large?

NSP-Sec is clearly a "closed" community which excludes many of the organizations who could actually help contribute intelligence, work with law enforcement, and make a positive difference.

My opinion is that the ISP community, by and large, tend to say that they are dealing with the situation, and are willing to address these issues, yet in reality they tend to minimize the issues and sweep it under the rug because it is not in their financial interests to engage them, or it doesn't jive with their "existing processes".

So I ask you, how do we address this situation?

Instead of being an apologist for the problem, how would _you_ suggest we address these process, procedural, and organizational issues?

I consider this to be way beyond the boiling point, and an issue that we all need to address -- and engage.

Thanks,

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
On Mon, 14 Jan 2008, Paul Ferguson wrote:
Instead of being an apologist for the problem, how would _you_ suggest we address these process, procedural, and organizational issues?
If you look in the archives, in the past I've listed the things that seem to be needed for those organizations to succeed. Over the years, I've worked with people to launch new groups, such as ISP-ISAC, INOC-DBA, NSP-SEC, GIAIS and a few more. Some more successful than others. Some won't admit me as a member anymore :-)

What are you trying to do?

Look at old security incident groups like CERT/CC, FIRST, NRIC and NSIE that have been around since the late 1980's/early 1990's.

Look at the middle-age groups like BORG, CIX, IOPS, ISPSEC, LINX, NANOG and RIPE. And a bunch of temporary Y2K groups.

Look at the new groups like APWG, DA/MWP/etc, DDOS-WG, GIAIS/MVI/VIA/SCP/MSSA, MAAWG, NSP-SEC, SECSAC/RSSAC, lots of *-ISACs.

I left out the academic or government only groups, there are so many.

If you want to share information, there are lots of ways to do it. Information does tend to move between the groups, unless you explicitly say don't share the information. The government folks are convinced that industry leaks, while the industry folks are convinced that government leaks.

If you want to get people in a room so you can yell at them about the lousy job they are doing, that's less useful. Of course, in a few weeks, someone else will probably be yelling about ISPs interfering with their right to do something or other.
participants (2)
- Paul Ferguson
- Sean Donelan