On Oct 6, 2009, at 4:27 PM, Joe Greco wrote:
Someone else pointed out that if the system in question has been botted/owned/pwn3d/whatever you want to call it, then, you can't guarantee it would make the 911 call correctly anyway.
I realize that many NANOG'ers don't actually use the technologies that we talk about, so I'm just going to correct this:
You seem to be under the mistaken assumption that most people using VoIP do so using their computer. While it kind of started out that way years ago, it simply isn't so anymore. Most VoIP services can be configured to work with an analog telephony adapter, providing a POTS jack. Most VoIP services even provide one as part of the subscription, sometimes for a fee.
I do use VOIP, both computer and non-computer based. Nonetheless, the fact remains that should any of my systems become compromised, my ability to make a VOIP phone call is in doubt regardless of what the provider does.
Well, /that's/ obviously not true. Cable providers are already using PacketCable NCS (read: "MGCP lightly modified") to provide completely reliable QoS for their own VoIP-to-the-cablemodem products; you are going to find it tough to impact the service level of such a device. For general VoIP, there's no particularly good reason that the VoIP traffic cannot be QoS'd / filtered to allow VoIP to continue to work while gardening the remaining traffic from the customer. That is completely under the provider's control. Since many of the CPE devices actually have a programmable hardware ethernet switch, it is even possible to do a lot of the work in hardware.
Additionally the problems of DDOS sourced from a collection of compromised hosts could be interfering with someone else's ability to make a successful VOIP call.
I think the above addresses that. There are always risks, of course. The guy pruning tree branches down the street can knock down the cable line, for example. Of course, he probably takes out the phone lines as well... :-)
Abuse sources should be blocked from impacting the rest of the network.
Sure.
This blocking should be as narrow as possible.
Yes, that's my point. We should be able to narrowly block compromised hosts so that we don't screw up legitimate VoIP uses.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.