I agree that shutting off infected users is a tough thing for an ISP to do unilaterally in a competitive environment. This is at least a step forward in network hygiene and I'm not impressed with the notion that this sets up spoof messages; you could say the same thing about any communications from an ISP. How else should Comcast notify users? This seems like a good one to me.
I presume that they pick users to notify retrospectively based on behavior monitoring on their own network.

Take the "shut them down" argument one step further: implement NAC on the network. Move violators into 802.11 walled gardens until they remediate. If you're going to do this you need to know if they have remediated, so you may as well implement the core part of NAC: test clients before they have connected to the network. What do you test them for? This is a policy question, but the things enterprises do when they implement NAC are test for current patch level and installation of AV with current signatures. You could also check application levels (Flash, Office), you could do some actual pen testing.

I haven't looked at them closely in a while, but my memory was that all the good NAC systems use a client agent. This is just the last nail in the coffin of practicality for this approach for ISPs. Maybe many years from now the White House Office of Internet Security Dictatorship will be able to implement such a thing.

How about a voluntary system? If an ISP offered a "clean" network with rules like this, would there be any value to opting in to it?

Larry Seltzer
Contributing Editor, PC Magazine
larry_selt...@ziffdavis.com
http://blogs.pcmag.com/securitywatch/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
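As an added example (not from Larry's post or any NAC product), a toy posture gate in Python that models the flow he sketches: test the client's patch level, AV signature currency and application versions before admission, put failing hosts in a quarantine network, and re-run the test on the next connect so remediation is actually verified. The policy thresholds, the `Posture` fields and the ISO date strings are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical policy thresholds chosen for this example (not from the post).
MIN_PATCH_LEVEL = 42          # minimum OS patch baseline the ISP requires
MAX_SIG_AGE_DAYS = 3          # AV signatures older than this are "not current"
MIN_APP_VERSIONS = {"flash": (10, 0), "office": (12, 0)}  # version floors


@dataclass
class Posture:
    """What a client agent reports before the host is admitted (constructed format)."""
    host: str
    patch_level: int
    av_installed: bool
    av_sig_date: Optional[str]   # ISO date of the newest AV signatures, or None
    app_versions: dict           # name -> (major, minor); absent name = not installed


def evaluate(p: Posture, today_iso: str) -> list:
    """Return the list of policy violations; an empty list means compliant."""
    today = date.fromisoformat(today_iso)
    violations = []
    if p.patch_level < MIN_PATCH_LEVEL:
        violations.append(f"patch level {p.patch_level} < {MIN_PATCH_LEVEL}")
    if not p.av_installed:
        violations.append("no AV installed")
    else:
        sig = date.fromisoformat(p.av_sig_date) if p.av_sig_date else None
        if sig is None or (today - sig).days > MAX_SIG_AGE_DAYS:
            violations.append("AV signatures not current")
    for app, floor in MIN_APP_VERSIONS.items():
        have = p.app_versions.get(app)
        if have is not None and have < floor:   # only enforced when installed
            violations.append(f"{app} {have} below {floor}")
    return violations


class NacGate:
    """Per-host admission state: 'clean' network or 'quarantine' walled garden."""

    def __init__(self):
        self.state = {}

    def admit(self, p: Posture, today_iso: str):
        """Re-test on every connect; a quarantined host only leaves the walled
        garden once a later posture report passes the same policy."""
        violations = evaluate(p, today_iso)
        self.state[p.host] = "quarantine" if violations else "clean"
        return self.state[p.host], violations
```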