Re: Dutch ISPs to collaborate and take responsibility for botted clients

[Nathan Ward <nanog () daork net>]

On 6/10/2009, at 3:04 AM, Justin Shore wrote:

> Gadi Evron wrote:
> > Apparently, marketing departments like the idea of being able to  
> > send customers that need to pay them to a walled garden. It also  
> > saves on tech support costs. Security being the main winner isn't  
> > the main supporter of the idea at some places.
>
> I would love to do this both for non-pays and security incidents.   
> I'd like to do something similar to let customers update their  
> provisioning information for static IP changes so cable source  
> verify doesn't freak out.  Unfortunately I haven't been able to find  
> any open source tools to do this.  I can't even think of commercial  
> ones off the top of my head.
>
> It's a relatively simple concept.  Some measure of integration into  
> the DHCP provisioning system(s) would be needed to properly route  
> the customer's traffic to the walled garden and only to the walled  
> garden. Once the problem is resolved the walled garden fixes the  
> DHCP so the customer can once again pull a public IP and possibly  
> flushes ARP caches if your access medium makes that a problem to be  
> dealt with.
>
> I would think that the walled garden portion could be handled well- 
> enough with Squid and some custom web programming to perform tasks  
> to reverse the provisioning issues.  I'm sure people have written  
> internal solutions for SPs before but I haven't found anyone that  
> has made that into an OSS project and put it on the Web.  I'd love  
> to make this a project but there is little financial gain to my  
> small SP so if it costs much money it won't get management support.

Do you currently drop them in to a VRF to get them to the Internet?

If so, do that, but a different VRF for the walled garden.

--
Nathan Ward