Dutch ISPs to collaborate and take responsibility for botted clients

Justin Shore justin at justinshore.com
Mon Oct 5 14:04:12 UTC 2009


Gadi Evron wrote:
> Apparently, marketing departments like the idea of being able to send 
> customers that need to pay them to a walled garden. It also saves on 
> tech support costs. Security being the main winner isn't the main 
> supporter of the idea at some places.

I would love to do this both for non-pays and security incidents.  I'd 
like to do something similar to let customers update their provisioning 
information for static IP changes so cable source verify doesn't freak 
out.  Unfortunately I haven't been able to find any open source tools to 
do this.  I can't even think of commercial ones off the top of my head.

It's a relatively simple concept.  Some measure of integration into the 
DHCP provisioning system(s) would be needed to properly route the 
customer's traffic to the walled garden and only to the walled garden. 
Once the problem is resolved the walled garden fixes the DHCP so the 
customer can once again pull a public IP and possibly flushes ARP caches 
if your access medium makes that a problem to be dealt with.

I would think that the walled garden portion could be handled 
well-enough with Squid and some custom web programming to perform tasks 
to reverse the provisioning issues.  I'm sure people have written 
internal solutions for SPs before but I haven't found anyone that has 
made that into an OSS project and put it on the Web.  I'd love to make 
this a project but there is little financial gain to my small SP so if 
it costs much money it won't get management support.

Justin







More information about the NANOG mailing list