On Tue, 28 Feb 2006, Bill Nash wrote:
>
> The simplest method is to issue a different gateway to a registry of known
> offenders, forcing them into a restrictive environment that blocks all
> ports, and uses network translation tricks to redirect all web traffic to
> a portal.
>
> For cable modems and bridged DSL, you can do this with DHCP, matching
> their MAC address. PPPOE/DSL or similar, you match on user name.
> Issue RFC1918 space with a gateway to your quarantine network.
>
> The rest is NAT/PAT and w3proxy stunts. You could pull it off with
> something as simple as iptables and squid, after dealing with the DHCP or
> authentication servers (ala Radius) to issue the correct credentials.
>
yes, I could dream up a few hundred ways to accomplish this, but the
'documentation' at the site referenced doesn't address even one way. So,
saying 'it works' and 'it works for carriers' and 'yea us!' is not
helpful, without some example of 'how' :(
> - billn
>
> On Tue, 28 Feb 2006, Christopher L. Morrow wrote:
>
> >
> >
> > On Tue, 28 Feb 2006, Jim Segrave wrote:
> >>
> >> www.quarantainenet.nl
> >>
> >> It puts them in a protected environment where they can get cleaned up
> >> on-line without serious risk of re-infection. They can pop their
> >> e-mail, reply via webmail, but they can't connect to anywhere except a
> >> list of update sites.
> >
> > there was little in the way of 'how' in the link above though :(
> >
>
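
The DHCP, RFC1918 and iptables/squid outline quoted above, worked through as an added example that is not part of the original thread or any poster's configuration: it turns a registry of offender MAC addresses into an ISC dhcpd class with a quarantine pool, plus the gateway's iptables commands. Assumptions: the 10.66.0.0/24 range, the class name "quarantine", squid intercepting on port 3128, and DHCP, resolver and squid all running on the gateway at the first host address.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed registry of offender MACs: mixed notations, one duplicate, one bad entry.
SAMPLE_REGISTRY = ["00:11:22:33:44:55", "00-11-22-33-44-55", "0011.22AA.BBCC", "not-a-mac"]

def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff for colon, dash or dotted input, or None if invalid."""
    digits = re.sub(r"[.:-]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def dhcpd_fragment(registry, net):
    """ISC dhcpd text: registry MACs form a class served only from the quarantine pool."""
    net = ipaddress.ip_network(net)
    if not any(net.subnet_of(block) for block in RFC1918):
        raise ValueError(f"{net} is not RFC1918 space")
    macs = sorted({m for m in map(normalize_mac, registry) if m})
    hosts = list(net.hosts())
    lines = ['class "quarantine" { match hardware; }']
    # With "match hardware" the subclass key starts with the hardware type (1 = Ethernet).
    lines += [f'subclass "quarantine" 1:{m};' for m in macs]
    lines += [f"subnet {net.network_address} netmask {net.netmask} {{",
              "  pool {",
              '    allow members of "quarantine";',
              f"    range {hosts[1]} {hosts[-1]};",
              f"    option routers {hosts[0]};",
              f"    option domain-name-servers {hosts[0]};",
              "  }", "}"]
    return "\n".join(lines)

def iptables_rules(net, proxy_port=3128):
    """iptables commands for the gateway: port 80 to squid, DNS/DHCP allowed, rest dropped."""
    src = f"-s {ipaddress.ip_network(net)}"
    return [f"iptables -t nat -A PREROUTING {src} -p tcp --dport 80 -j REDIRECT --to-ports {proxy_port}",
            f"iptables -A INPUT {src} -p udp -m multiport --dports 53,67 -j ACCEPT",
            f"iptables -A INPUT {src} -p tcp --dport {proxy_port} -j ACCEPT",
            f"iptables -A INPUT {src} -j DROP",
            f"iptables -A FORWARD {src} -j DROP"]

if __name__ == "__main__":
    print(dhcpd_fragment(SAMPLE_REGISTRY, "10.66.0.0/24"))
    print("\n".join(iptables_rules("10.66.0.0/24")))
```

In a dhcpd shared-network, the normal customer pool would carry `deny members of "quarantine";` so that listed modems can only lease from the quarantine range.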