nanog mailing list archives

Re: Dutch ISPs to collaborate and take responsibility


From: Joe Greco <jgreco () ns sol net>
Date: Wed, 7 Oct 2009 10:13:02 -0500 (CDT)

On Oct 6, 2009, at 4:27 PM, Joe Greco wrote:
Someone else pointed out that if the system in question has been
botted/owned/pwn3d/whatever you want to call it, then, you can't
guarantee it would make the 911 call correctly anyway.

I realize that many NANOG'ers don't actually use the technologies that
we talk about, so I'm just going to correct this:

You seem to be under the mistaken assumption that most people using
VoIP do so using their computer.  While it kind of started out that way
years ago, it simply isn't so anymore.  Most VoIP services can be
configured to work with an analog telephony adapter, providing a POTS
jack.  Most VoIP services even provide one as part of the subscription,
sometimes for a fee.

I do use VOIP, both computer and non-computer based.  Nonetheless, the
fact remains that should any of my systems become compromised, my
ability to make a VOIP phone call is in doubt regardless of what the
provider does.

Well, /that's/ obviously not true.  Cable providers are already using
PacketCable NCS (read: "MGCP lightly modified") to provide completely
reliable QoS for their own VoIP-to-the-cablemodem products; you are
going to find it tough to impact the service level of such a device.

For general VoIP, there's no particularly good reason that the VoIP
traffic cannot be QoS'd / filtered to allow VoIP to continue to work
while gardening the remaining traffic from the customer.  That is
completely under the provider's control.  Since many of the CPE
devices actually have a programmable hardware ethernet switch, it is
even possible to do a lot of the work in hardware.

Additionally the problems of DDOS sourced from a collection of
compromised hosts could be interfering with someone else's ability to
make a successful VOIP call.

I think the above addresses that.  There are always risks, of course.
The guy pruning tree branches down the street can knock down the cable
line, for example.  Of course, he probably takes out the phone lines
as well...  :-)

Abuse sources should be blocked from impacting the rest of the network.

Sure.

This blocking should be as narrow as possible.

Yes, that's my point.  We should be able to narrowly block compromised
hosts so that we don't screw up legitimate VoIP uses.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
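
Added example, not part of the message above or of the thread: a sketch of the narrow blocking discussed there, in which a quarantined subscriber's VoIP flows to the provider's gateways keep working in a priority queue while the remaining traffic is gardened. All addresses, port ranges, queue names and the classify function are assumptions made for illustration.

```python
import ipaddress

# Constructed values: documentation prefixes stand in for the provider's
# VoIP gateways and walled-garden hosts; ports and queue names are assumed.
VOIP_GATEWAYS = ipaddress.ip_network("192.0.2.0/28")
GARDEN_HOSTS = {ipaddress.ip_address("198.51.100.10")}  # notice portal
GARDEN_DNS = ipaddress.ip_address("198.51.100.53")
SIP_PORTS = {5060, 5061}
RTP_PORTS = range(16384, 32768)


def classify(quarantined, proto, dst, dport):
    """Return (action, queue) for one outbound flow from a subscriber."""
    if not quarantined:
        return ("forward", "best-effort")
    dst = ipaddress.ip_address(dst)
    if dst in VOIP_GATEWAYS:
        sip = proto in ("udp", "tcp") and dport in SIP_PORTS
        rtp = proto == "udp" and dport in RTP_PORTS
        # Only voice signalling and media reach the gateways; anything
        # else aimed at them from a quarantined host is dropped.
        return ("forward", "voice") if sip or rtp else ("drop", None)
    if dst == GARDEN_DNS and dport == 53:
        return ("forward", "best-effort")
    if dst in GARDEN_HOSTS and proto == "tcp" and dport in (80, 443):
        return ("forward", "best-effort")
    if proto == "tcp" and dport == 80:
        # Plain HTTP is steered to the portal so the customer sees why.
        return ("redirect", "best-effort")
    return ("drop", None)


if __name__ == "__main__":
    # Constructed sample flows from one quarantined subscriber.
    flows = [
        ("udp", "192.0.2.5", 5060),    # SIP to provider gateway
        ("udp", "192.0.2.5", 20000),   # RTP media to provider gateway
        ("tcp", "192.0.2.5", 25),      # non-voice traffic to gateway
        ("tcp", "203.0.113.9", 25),    # outbound SMTP to the Internet
        ("tcp", "203.0.113.9", 80),    # web browsing
    ]
    for proto, dst, dport in flows:
        print(proto, dst, dport, classify(True, proto, dst, dport))
```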

