How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox)

Chris L. Morrow christopher.morrow at verizonbusiness.com
Mon Jul 23 19:48:40 UTC 2007




On Mon, 23 Jul 2007 michael.dillon at bt.com wrote:

>
> > Running email abuse desks for about a decade now makes me
> > tend to agree with you .. and completely unfiltered pipes to
> > the internet for customer broadband are a pipe dream, most places.
>
> If ISPs were able to standardize consumer Internet access services using
> a gateway box, then the necessary filtering could be done on the gateway
> which runs a secure OS. Of course it's not too late to do this.
> Essentially all the consumer edge infrastructure needs to be upgraded to
> transition to IPv6. Rather than providing raw unfiltered Internet access
> over IPv6, ISPs could use a standard gateway box.

Would you like that in black plastic? With a nice dial on top to spin? :)

>
> When I say "standardize", I mean that ISPs could collectively work out
> the specs for such an IPv6 Internet gateway in the IETF along with
> vendors and other interested parties. Once a standard spec is agreed
> upon, vendors will make such boxes at the price-point that you need.

I think that was discussed in v6ops actually just 5 mins ago.

>
> I would also expect that I can buy such a box and manage it myself if I
> choose, rather than having the ISP manage it for me as with most users.
>

But it connects to my network, and if you touch it you could damage my
network... we could maybe get some legislation to fix this...

> I would also expect the box to have no NAT, use real IPv6 addresses, and
> provide various firewall features to protect my home network better than
> an IPv4 NAT box without preventing me from using new peer-to-peer
> protocols like SIP.

See the v6ops draft on CPE security... maybe that's a step in the right
direction? I'm sure the author would like some commentary.


