-----BEGIN PGP SIGNED MESSAGE-----
MAAWG is useful for particular subjects, not as useful for other subjects.
I expect the same will be true for any forum.
What is the appropriate mechanism within NANOG?
I mean, given previous topics covered in the NANOG security BoFs,
it would appear that a lot of attention has been given to statistical
analysis of DDoS flows traffic, securing infrastructure, etc. -- all
of which are honorable & desired goals.
But what about involvement of incident reporting (and responding?),
that is inclusive of the Internet community at-large?
NSP-Sec is clearly a "closed" community which excludes many of the
organizations who could actually help contribute intelligence, work
with law enforcement, and make a positive difference.
My opinion is that the ISP community, by and large, tend to say that
they are dealing with the situation, and are willing to address
these issue, yet in reality they tend to minimize the issues and
sweep it under the rug because it is not in their financial interests
to enagage them, or it doesn't jive with their "existing processes".
So I ask you, how do we address this situation?
Instead of being an apologist for the problem, how would _you_
suggest we address these process, procedural, and organizational
I consider this to be way beyond the boiling point, and an issue
that we all need to address -- and engage.
- - ferg