Home page logo

nanog logo nanog mailing list archives

Re: Port blocking last resort in fight against virus
From: "Christopher L. Morrow" <chris () UU NET>
Date: Wed, 13 Aug 2003 16:08:56 +0000 (GMT)

On Wed, 13 Aug 2003, Jack Bates wrote:

Christopher L. Morrow wrote:

This is the point, atleast I, have been trying to make for 2 years... end
systems, or as close to that as possible, need to police themselves, the
granularity and filtering capabilities (content filtering even) are
available at that level alone.

I agree with you Chris, but I also believe that temp filters do have a
role, even at backbones. One of my peers appears to be helping out my

the problem is, at the backbone level, its a very large hammer... and
often the peg is round while the hole is square :(

Honestly, it would be nice to offer different classes of service,
allowing user's that are semi-protected and user's that are free and
clear. The issue with doing so is dealing with the liability of

this is called 'managed firewall service' and some ISP's do a good
business with it, some even advertise their service and market it too! :)
There are some sticky points with managed firewall services that still
need ironing out (on a per-provider basis atleast) but its a great start,
and the filtering is done at the 'right' place, near the end node...

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]