On Thu, 02 Nov 2000 12:28:19 PST, Alexei Roudnev said:

Just again - what's about an attempt to creta e ISP association which - - promise to do ingress filtering

It's already an IETF BCP, all clued ISP's should be doing it already - the problem is the *unclued* ISPs, which will neither do ingress/egress filtering, nor join any ISP association.. Hint: How many of those ISPs do we hear from on NANOG? ;)

- promise to do active filtering

"active filtering" in what meaning? You have to be careful here, to avoid a DOS attack by triggering active filtering...

- promise to investigate any case

Would "investigate" include the form letter I send out whenever I get a complaint that one of our NTP servers is trying to hack through somebody's firewall on ports 13, 37, and 123? Our CIRT is just basically 5-6 people who do security on top of everything else. We have to perform triage - in the last week, we got the disk drive of a compromised system into an evidence bag within 3 hours or so of our first notification there was a problem. On the other hand, we most certainly do *NOT* guarantee that level of response unless it's a very high profile incident. I'm sure the situation is similar at every other site out there.... -- Valdis Kletnieks Operating Systems Analyst Virginia Tech