[95018] in North American Network Operators' Group
Re: botnets: web servers, end-systems and Vint Cerf
daemon@ATHENA.MIT.EDU (Gadi Evron)
Sat Feb 17 19:48:12 2007
Date: Sat, 17 Feb 2007 18:44:04 -0600 (CST)
From: Gadi Evron <ge@linuxbox.org>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.64.0702171916190.21531@clifden.donelan.com>
Errors-To: owner-nanog@merit.edu
On Sat, 17 Feb 2007, Sean Donelan wrote:
>
> On Sat, 17 Feb 2007, Petri Helenius wrote:
> >> After all these years, I'm still surprised a consortium of ISP's haven't
> >> figured out a way to do something a-la Packet Fence for their clients where
> >> - whenever an infected machine is detected after logging in, that machine
> >> is thrown into say a VLAN with instructions on how to clean their machines
> >> before they're allowed to go further and stay online.
> > This has been commercially available for quite some time so it would be only
> > up to the providers to implement it.
>
> Public ISPs have been testing these types of systems for over 5 years.
> What sorts of differences can you think of that would explain why public
> ISPs have found them not very effective?
>
> Public ISPs have been using walled gardens for a long time for user
> registration and collecting credit card information. So they know how to
> implement walled gardens. But what happens when public ISPs use it for
> infected machines?
>
Many already do, successfully.
When I say many I actually mean I know of 6. 3 of them huge, 3 of them
relatively small.
