On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews <ma...@isc.org> wrote: > > Giving them real time access to the anomalous traffic log feed for > their residence would also help. They or the specialist they bring > in will be able to use that to trace back the problem. > > wouldn't this work better as a standard bit of CPE software capability? wouldn't something as simple as netflow/sflow/ipfix synthesized on the CPE and kept for ~30mins (just guessing) in a circular buffer be 'good enough' to present a pretty clear UI to the user?
ip/mac/vendor sending (webtraffic|email|probes) to destination-name [checkbox] <repeat> select those youd' like to block [clickhere] This really doesn't seem hard, to present in a fairly straight forward manner... sure 'all cpe' (or 'a bunch of cpe') have to adopt something similar to this approach... but on the other hand: "At least my ISP isn't snooping on all my traffic"
