In message <CAF-Wqd5sO0x5muw6uPDxMXd+h1ebCCtL9Ke9uMEc7k364OfHLA@mail.gmail.com> Ken Matlock <matlockken@gmail.com> wrote:
- End users need to have ways to easily see what's going on over their local networks, to see botnet-like activity and DDoS participation (among other things) in a more real-time fashion
This is an interesting point. I'm not actually an ISP guy, although I do play one on TV. Anyway, I hope nobody will begrudge me if I make a couple of brief points, and then ask a rather naive question. Point: I have a DSL line which is limited to 6Mbps down and 756Kbps up. My guess is that if any typical/average user is seen to be using more than, say, 1/10 of that amount of "up" bandwidth in any one given 10 minute time period, then something is really really REALLY wrong. Point: I am already signed up with various services which will send me automated emails whenever certain events occur, e.g. when the price of 2TB WD Black drives falls below my personal threshold value. Point: My ISP knows my email address. Question: Could ISPs set something up so that each customer broadband line is continuously and individually monitored, and so that an automated email would be automagically dashed off to the customer if that customer's "up" bandwidth in some time period exceeded a value which, for that ISP, is deemed "reasonable"? (I envision the hypothetical email messages in question would consist of a non-threatening warning to the customer which would include a link to a web page where there would be a list of common things end-lusers should check for in such circumstances, along with detailed and clear instructions for how to check for each, and also a "don't ever bother me with these warnings again" checkbox, and perhaps even a friendly slider where the end-luser could adjust his personal warning threshold value, for the future.) Of course, any ISP that desperately -never- wants to receive -any- end- luser support calls quite certainly won't like this scheme. But I'm not sure that that fact alone would utterly disqualify the idea from being useful in some contexts. The real question is: Is anything even remotely along these lines even possible with existing commonly used ISP infrastructure? (If not, then just forget I mentioned it.) Regards, rfg P.S. One possible big advantage to the kind of system described above is that if an ISP received a complaint about a given customer, alleging that the customer is running a bot, then the ISP could go and look at the warning settings for that customer. If that's already been set to "don't ever bother me', then the ISP can disconnect the customer, and when the customer inevitably saquaks about that, the ISP can respond and say "We told you so."