> Stop trying to fix things in the core - it won't work, honest - and start
> trying to fix things closer to the edge where the actual problem is.
Thing is, the problem IS in the core. DNS is no longer just being abused,
it is pretty much an abuse infrastructure. That needs to be fixed if
security operations on the Internet at their current effectiveness
(which is low as it is) are to be maintained past Q4 2007-Q2 2008.
And as I said tongue in cheek before - so is IP. Where do you draw the line?
> I view this kind of thing as an operational issue insomuch as it might
> affect my network - but malware writers are botnet operators are smarter
> than they once were and aren't nearly as "spray your mark everywhere as
> quickly as possible" as exploits used to be.
As to malware:
Protect against malware on your network, this isn't what this is
about. It's about your network's security being reliant on someone half
way across the world taking care of it.
For the few I'm currently responsible for; you can be absolutely certain
my network security is reliant on me, not someone else.
I'm trying to push out the "You've got to be responsible for what you send
just as much as what you receive" out to clients who only seem to take
notice after their first spam blacklisting, or sneaky malware infection.
Have you tried pursuing the root cause of all of this horribleness -
badly written software?