Schneier: ISPs should bear security burden

Mailman List Mirror (Read Only)
1

[In the message entitled "Re: Schneier: ISPs should bear security burden" on Apr 28, 10:20, "Steve Sobol" writes:]

There are some basic rules of thumb you can use. The problem is that they're
not guaranteed to work. The best solution was created years ago (Gordon
Fecyk's DUL, which lists IP ranges the ISPs specifically register as
dynamic/not supposed to host servers) and eventually came under the purview of
Kelkea/MAPS, but there wasn't a ton of ISP buy-in. If we could create a
similar list and actually get ISPs to register the appropriate netblocks (and
not mix in IPs where servers are allowed, and IPs where they aren't, in the
same block), that'd be great.

Dunno what a ton of ISP buy-in is, but the MAPS DUL now contains about
190,000,000 entries. We've been working on it very hard for the last year or
two. Most ISP-level subscribers figure it stops a pretty large percentage of
the compromised-home-computer spam.

2

Well, that's it then: "for the last year or two" - I don't recall a lot of
entries being on the DUL in its original incarnation. (Not for lack of
trying.)

3

Ok, so here's a question for your, Dave:

do you have a procedure for entertaining requests to be excluded from
your replies from people with legitimate needs to operate MTA's, who
have been given (let us say) static addresses by their providers which
fall within a range you understand to be dialup?

(I'm assuming you include cable and DSL end-user address pools; this is
the sort of thing I'm asking about.)

Cheers,
-- jra