nanog mailing list archives

RE: How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox)


From: "Chris L. Morrow" <christopher.morrow () verizonbusiness com>
Date: Mon, 23 Jul 2007 19:48:40 +0000 (GMT)




On Mon, 23 Jul 2007 michael.dillon () bt com wrote:


Running email abuse desks for about a decade now makes me
tend to agree with you .. and completely unfiltered pipes to
the internet for customer broadband are a pipe dream, most places.

If ISPs were able to standardize consumer Internet access services using
a gateway box, then the necessary filtering could be done on the gateway
which runs a secure OS. Of course it's not too late to do this.
Essentially all the consumer edge infrastructure needs to be upgraded to
transition to IPv6. Rather than providing raw unfiltered Internet access
over IPv6, ISPs could use a standard gateway box.

would you like that in black plastic? with a nice dial on top to spin? :)


When I say "standardize", I mean that ISPs could collectively work out
the specs for such an IPv6 Internet gateway in the IETF along with
vendors and other interested parties. Once a standard spec is agreed
upon, vendors will make such boxes at the price-point that you need.

I think that was discussed in v6ops actually just 5 mins ago.


I would also expect that I can buy such a box and manage it myself if I
choose, rather than having the ISP manage it for me as with most users.


but it connects to my network, and if you touch it you could damage my
network... we could maybe get some legislation to fix this...

I would also expect the box to have no NAT, use real IPv6 addresses, and
provide various firewall features to protect my home network better than
an IPv4 NAT box without preventing me from using new peer-to-peer
protocols like SIP.

See the v6ops draft on CPE security... maybe that's a step in the right
direction? I'm sure the author would like some commentary.

