On Fri, 16 Feb 2007, J. Oquendo wrote:
After all these years, I'm still surprised a consortium of ISP's haven't figured out a way to do something a-la Packet Fence for their clients where - whenever an infected machine is detected after logging in, that machine is thrown into say a VLAN with instructions on how to clean their machines before they're allowed to go further and stay online.
All very nice. This sort of things has been detailed a few dozen times by various people. Doing this is not hard from a technical point of view (which isn't to say it won't cost a lot of money to impliment). The hard bit is creating a business case to show how spending the money to impliment it and then wearing the cost of pissed off customers results in a net gain to the bottom line. If someone could actually do a survey to show how much each bot infested customer is costing their ISP then people might be able to do something. Right now AFAIK an extra 10,000 botted customers costs the average ISP no more than a dozen heavy p2p users. On the other hand Port 25 filtering probably is something that has low enough negatives vs the positives for people to actually do. -- Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/ "To stay awake all night adds a day to your life" - Stilgar | eMT.