Home page logo

bugtraq logo Bugtraq mailing list archives

"Association of Responsible Internet Providers"?
From: david () FASTOLFE NET (David Nesting)
Date: Tue, 15 Feb 2000 14:58:37 -0600

With all of the focus on DDoS attacks lately, complaints of poor contact
availability, etc., I began thinking again about an idea I had.  If this
has been attempted before (and apparently failed), my apologies, but it
seems like this could be workable and desirable.

Let's say we create a non-profit organization ("Association of Responsible
Internet Providers", for example), and loosely certify ISP's and other
access providers (including companies and universities -- anyone that
provides 'Net access to a group of people) as being "responsible" in
that they have working, 24-hour emergency contacts, have taken steps to
eliminate or curb abuse of their services (such as filtering), and perhaps
any of a dozen other conditions that one might assume any "responsible"
provider will comply with (including, say, a public anti-spam policy and
an aggressive policy to ensure exposed systems are up to date with patches
and security fixes).  Any member of this organization presumably would
have taken all necessary steps to ensure that they will be cooperative and
available for investigations (such as spoofed IP tracing), and generally
will make every effort to place the good of the Internet first.

If we can publicize the organization, and get it through to customers
and ISP's alike that such a certification is desirable, people will
begin demanding that their own providers be members.

Would there be any interest in such an organization?

Dues, if any, would be just enough to keep a modest staff (volunteers
at first?) up with applications and periodic compliancy checks where
possible.  We'd also need to figure out what precisely would be required
of members, keeping in mind that some conditions could change in a
relatively small amount of time as new types of Internet threats evolve.

It's been suggested that lesser ISP's with little funds to spare for
extras like security and responsibility will be unable to comply with
terms like these.  Would it be fair to prevent them from joining such
an organization?  I personally think it would be quite fair, but it's
an issue that might need a bit of further probing.



 == David Nesting WL7RO Fastolfe david () fastolfe net http://fastolfe.net/ ==

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]