How an early warning system could protect against cyber attacks


Here's an inspiring idea from InfoWorld's Roger Grimes: To combat escalating online anarchy, let's build an Internet-wide early warning system that alerts organizations immediately when a malicious event has been detected.

The "Internet health service," as Grimes dubs it, would be a free, centralized reputation service populated by trusted participants who would post alerts such as "IP address x.x.x.x is currently serving up a botnet." Alerts could also warn participants when a given company is under attack from a spam worm, so that email arriving from it can be reviewed more thoroughly. Anybody could ask about the health status of any Internet origination point or destination.

In Grimes's vision, an organization's email service could send a one-packet query to the service to check whether a sender's domain is in good health. Organizations could establish policies for handling incoming traffic depending on how malevolent a reported event is. The degree of malevolence could be determined by a mix of variables, including security policies, authentication procedures, patch status and track record of health.
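To make the query-and-policy loop concrete, here is an added toy model of that exchange (example code written for this page, not part of Grimes's post and not any vendor's implementation). It assumes the service would answer over a DNS-like protocol using the reversed-octet naming convention that today's DNS blocklists use (1.2.3.4 becomes 4.3.2.1.zone), that the answer carries the variables the post lists (botnet status, authentication, patch status, track record), and that the zone name `health.example`, the zone contents, the scoring weights and the policy thresholds are all constructed for illustration:

```python
"""Toy model of an "Internet health service" reputation query.

Everything here is an assumption for illustration: the zone name, the
record format, the sample answers, the weights and the thresholds.
"""
import ipaddress
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional

ZONE = "health.example"  # hypothetical service zone, not a real one


def query_name(ip: str, zone: str = ZONE) -> str:
    """Build the DNS label a mail server would look up for an IPv4 address.

    Uses the reversed-octet convention of existing DNS blocklists, so
    192.0.2.10 becomes 10.2.0.192.health.example.
    """
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone


@dataclass(frozen=True)
class HealthRecord:
    serving_botnet: bool   # a participant reported it is serving a botnet
    authenticates: bool    # sender authentication is in place
    patched: bool          # patch status is current
    track_record: float    # 0.0 (always bad) .. 1.0 (always clean)


# Constructed sample answers standing in for what the zone would return.
FAKE_ZONE: Dict[str, HealthRecord] = {
    query_name("192.0.2.10"): HealthRecord(False, True, True, 0.95),
    query_name("192.0.2.66"): HealthRecord(True, False, False, 0.10),
    query_name("198.51.100.7"): HealthRecord(False, False, False, 0.20),
}


def lookup(ip: str, zone_data: Dict[str, HealthRecord] = FAKE_ZONE) -> Optional[HealthRecord]:
    """Stand-in for the one-packet query; None means the origin is unknown."""
    return zone_data.get(query_name(ip))


def malevolence(rec: Optional[HealthRecord]) -> float:
    """Combine the reported variables into a 0..1 degree of malevolence.

    The weights are arbitrary; an active botnet report dominates, the
    other signals nudge the score. Unknown origins get a middling score
    so that policy gives them a closer look rather than a free pass.
    """
    if rec is None:
        return 0.35
    score = 0.0
    if rec.serving_botnet:
        score += 0.6
    if not rec.authenticates:
        score += 0.15
    if not rec.patched:
        score += 0.1
    score += 0.15 * (1.0 - rec.track_record)
    return min(score, 1.0)


class Action(Enum):
    ACCEPT = "accept"
    SCRUTINIZE = "review more thoroughly"
    REJECT = "reject"


def policy(score: float) -> Action:
    """Map the malevolence degree onto a site-chosen handling policy."""
    if score >= 0.7:
        return Action.REJECT
    if score >= 0.3:
        return Action.SCRUTINIZE
    return Action.ACCEPT


def decide(ip: str) -> Action:
    """Full loop: query the service, score the answer, apply local policy."""
    return policy(malevolence(lookup(ip)))


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "198.51.100.7", "203.0.113.9"):
        print(ip, "->", query_name(ip), "->", decide(ip).value)
```

The point of separating `malevolence` from `policy` is the one the post makes: the service reports facts and a severity, while each organization decides for itself what severity warrants rejection versus closer review, so one central feed can serve sites with very different risk appetites.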

The system would be much more fine-tuned than IP address blocking. "I know people who want to block wholesale a particular country's IP address space because they are tired of all the maliciousness coming from that nation. But why throw the good out with the bad?" Grimes writes. "What they truly want is an easy way to see if the traffic is originating from a good, healthy part of that country versus one of the thousands of bad IP addresses."

The idea may not be so far-fetched. As Grimes points out, antivirus vendors already have feeds in place that alert them about malicious traffic. "That information could easily be shared with the world, immediately and for free, from a DNS-like service," he writes.

For more:
- see Roger Grimes's post at InfoWorld
