Comments on: Service providers to patrol internet ? http://cryptocrats.com/security/service-providers-to-patrol-internet/ Mon, 12 Jan 2009 16:49:43 -0600 http://wordpress.org/?v=2.8.6 hourly 1 By: Mouse http://cryptocrats.com/security/service-providers-to-patrol-internet/comment-page-1/#comment-71 Mouse Sun, 13 Jul 2008 17:18:13 +0000 http://cryptocrats.com/2008/06/18/service-providers-to-patrol-internet/#comment-71 There are indeed end user privacy issues (e.g. people don't seem to like if police would search every visitor of their home). In addition, there are questions of (a) competency - do you really trust your half-clued ISP to do better job than you can in DETECTING and filtering out your inbound malicious traffic AND leaving alone what you need to see, and (b) ability - even if ISP's weren't half-clued, how likely is it for them to understand traffic peculiarities of every individual customer (private and corporate) to the point of being able to cull only the "bad" packets? Also, how is this filtering going to deal with SSL-protected traffic (and IPsec, etc)? Considering ever-increasing sophistication of the attacks and increasing tendency for attackers to try "flying under the radar" - I personally see little chance for an ISP to do something useful here. I understand the desire of ISP's to play a role bigger than "dumb pipe" and get a bigger cut of the Internet money pie - but this lead ball doesn't seem to fly well. Now snooping on "normal" legitimate customers and their traffic - that's totally possible, but it's a different topic altogether. There are indeed end user privacy issues (e.g. people don’t seem to like if police would search every visitor of their home). In addition, there are questions of (a) competency – do you really trust your half-clued ISP to do better job than you can in DETECTING and filtering out your inbound malicious traffic AND leaving alone what you need to see, and (b) ability – even if ISP’s weren’t half-clued, how likely is it for them to understand traffic peculiarities of every individual customer (private and corporate) to the point of being able to cull only the “bad” packets? Also, how is this filtering going to deal with SSL-protected traffic (and IPsec, etc)? Considering ever-increasing sophistication of the attacks and increasing tendency for attackers to try “flying under the radar” – I personally see little chance for an ISP to do something useful here.

I understand the desire of ISP’s to play a role bigger than “dumb pipe” and get a bigger cut of the Internet money pie – but this lead ball doesn’t seem to fly well.

Now snooping on “normal” legitimate customers and their traffic – that’s totally possible, but it’s a different topic altogether.

]]>