Dutch ISPs to collaborate and take responsibility for botted clients
Nathan Ward
nanog at daork.net
Mon Oct 5 23:43:58 UTC 2009
On 6/10/2009, at 3:04 AM, Justin Shore wrote:
> Gadi Evron wrote:
>> Apparently, marketing departments like the idea of being able to
>> send customers that need to pay them to a walled garden. It also
>> saves on tech support costs. Security being the main winner isn't
>> the main supporter of the idea at some places.
>
> I would love to do this both for non-pays and security incidents.
> I'd like to do something similar to let customers update their
> provisioning information for static IP changes so cable source
> verify doesn't freak out. Unfortunately I haven't been able to find
> any open source tools to do this. I can't even think of commercial
> ones off the top of my head.
>
> It's a relatively simple concept. Some measure of integration into
> the DHCP provisioning system(s) would be needed to properly route
> the customer's traffic to the walled garden and only to the walled
> garden. Once the problem is resolved the walled garden fixes the
> DHCP so the customer can once again pull a public IP and possibly
> flushes ARP caches if your access medium makes that a problem to be
> dealt with.
>
> I would think that the walled garden portion could be handled well-
> enough with Squid and some custom web programming to perform tasks
> to reverse the provisioning issues. I'm sure people have written
> internal solutions for SPs before but I haven't found anyone that
> has made that into an OSS project and put it on the Web. I'd love
> to make this a project but there is little financial gain to my
> small SP so if it costs much money it won't get management support.
Do you currently drop them in to a VRF to get them to the Internet?
If so, do that, but a different VRF for the walled garden.
--
Nathan Ward
More information about the NANOG
mailing list