Re: [Captive-portals] Use Case: "Carrier Grade Captive Portal"
- To: "Livingood, Jason" <[email protected]>, Martin Thomson <[email protected]>
- From: Gunther Nitzsche <[email protected]>
- Date: Tue, 6 Jun 2017 16:08:10 +0200
- Archived-at: <https://mailarchive.ietf.org/arch/msg/captive-portals/rgho7-CTNNakiGmcsiMXzZunX_0>
- Cc: Heiko Folkerts <[email protected]>, Warren Kumari <[email protected]>, "[email protected]" <[email protected]>, "Herzig, Willi" <[email protected]>, Dave Dolson <[email protected]>
On 02.06.2017 14:47, Livingood, Jason wrote:
> [JL] But let me summarize the malware/hacked IoT device use case. A computing device is compromised and being used as part of a DDoS attack (a la the Dyn attack) or sending spam or doing keylogging or whatever. One alternative is to put them in a walled garden with CAPPORT whereby they have no access from any device in the home or, if the network architecture can do it, no access for only that specific device (other
> The CAPPORT walled garden page would direct the device(s) or user(s) to a page explaining what the malware is and how to remediate, for example.
..And how to get out of the walled garden. (nobody wants to stay there)
> Another alternative is a method to direct a device to a page / deliver a message about this malware issue without otherwise affecting or constraining their Internet access. In this alternative method, the objective is to get a critical security message to the user (e.g. Device X has malware Y and needs to be fixed ASAP) while not affecting things like gaming, OTT voice, OTT video, etc.
This alternative is no option. The device in question seems to be a real danger for other internet users and also for the device owner himself (like data loss..). Letting traffic be unaffected by a walled garden means that a participation in e.g. a DDoS attack will go on. A differentiation between "internet" and "voice" should be made though. (Skype would be considered as internet use) A POP-UP window or notification during gaming / trading / whatsoever will just be ignored or delete-clicked or not even noticed because of not having a browser-like tool.
But that is a topic for a different mailing list - "how to react to internet abuse". MAAWG and others have been discussing this for many years now ..:) We do stop internet access in case of abuse immediately and have therefore built our own form of walled garden; others may have a more tolerant view or just have bad contracts with their customers :/
So it seems we agree that there are valid reasons for walled gardens - now we should concentrate on *how* to implement this in the best way.
(the 511 error page does not seem to be the worst variant.. if the user sees an error in the browser then the next reload puts him to the correct walled garden page)
best greetings,
Gunther
NetCologne Systemadministration
--
NetCologne Gesellschaft für Telekommunikation mbH
Am Coloneum 9 ; 50829 Köln
Managing directors:
Timo von Lepel,
Mario Wilhelm
Chairman of the supervisory board:
Dr. Andreas Cerbe
HRB 25580, AG Köln