> On Sep 26, 2016, at 7:58 PM, Christopher Morrow <morrowc.li...@gmail.com> wrote:
>
> On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews <ma...@isc.org> wrote:
>
>> Giving them real time access to the anomalous traffic log feed for
>> their residence would also help. They or the specialist they bring
>> in will be able to use that to trace back the problem.
>
> wouldn't this work better as a standard bit of CPE software capability?
> wouldn't something as simple as netflow/sflow/ipfix synthesized on the CPE
> and kept for ~30mins (just guessing) in a circular buffer be 'good enough'
> to present a pretty clear UI to the user?
>
>   ip/mac/vendor sending (webtraffic|email|probes) to destination-name [checkbox]
>   <repeat>
>
>   select those you'd like to block [clickhere]
>
> This really doesn't seem hard, to present in a fairly straight forward
> manner... sure 'all cpe' (or 'a bunch of cpe') have to adopt something
> similar to this approach... but on the other hand:
>   "At least my ISP isn't snooping on all my traffic"

The UBNT Edgerouter series has this. You can get fancy graphs and application breakdown. Scroll down and check the images:

https://help.ubnt.com/hc/en-us/articles/204951104-EdgeMAX-Deep-Packet-Inspection-Engine-for-EdgeRouter

You can see the hosts that are doing traffic and the destinations. They even have a model that takes an SFP so you can use it as CPE for FTTH.

- Jared
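
The quoted proposal (flow records kept on the CPE for about 30 minutes and summarised per device for the user) can be sketched as follows. This is an added example, not part of the thread and not code from any vendor; the record fields, the port-to-category mapping and the fan-out threshold used to label "probes" are all assumptions.

```python
from collections import deque, defaultdict, namedtuple

Flow = namedtuple("Flow", "ts src_ip src_mac dst dport nbytes")  # assumed record layout
RETENTION = 30 * 60          # ~30 minutes, the figure guessed in the thread
PORT_CLASS = {80: "webtraffic", 443: "webtraffic",
              25: "email", 465: "email", 587: "email"}   # assumed mapping
PROBE_FANOUT = 5             # assumed: >= 5 distinct destinations on one port


class FlowBuffer:
    """Time-bounded buffer of flow records kept on the CPE itself."""

    def __init__(self, retention=RETENTION):
        self.retention = retention
        self.flows = deque()

    def add(self, flow):
        self.flows.append(flow)
        # Drop records older than the retention window (oldest sit at the left).
        while self.flows and flow.ts - self.flows[0].ts > self.retention:
            self.flows.popleft()

    def summary(self):
        """Rows of (src_ip, src_mac, kind, destination, bytes) for the UI."""
        fanout = defaultdict(set)
        for f in self.flows:
            fanout[(f.src_ip, f.dport)].add(f.dst)
        rows = defaultdict(int)
        for f in self.flows:
            n = len(fanout[(f.src_ip, f.dport)])
            if n >= PROBE_FANOUT:   # one source, many destinations, same port
                kind, dst = "probes", "%d hosts on port %d" % (n, f.dport)
            else:
                kind, dst = PORT_CLASS.get(f.dport, "other"), f.dst
            rows[(f.src_ip, f.src_mac, kind, dst)] += f.nbytes
        return sorted(k + (v,) for k, v in rows.items())


def demo():
    # Constructed sample flows (documentation addresses, made-up MACs).
    buf = FlowBuffer()
    buf.add(Flow(0, "192.168.1.10", "02:00:00:00:00:0a", "old.example", 443, 900))
    buf.add(Flow(1700, "192.168.1.10", "02:00:00:00:00:0a", "www.example.com", 443, 5000))
    buf.add(Flow(1750, "192.168.1.10", "02:00:00:00:00:0a", "www.example.com", 443, 2500))
    for i in range(6):   # one device touching six hosts on port 23
        buf.add(Flow(1900 + i, "192.168.1.20", "02:00:00:00:00:14",
                     "203.0.113.%d" % (i + 1), 23, 60))
    return buf.summary()
```

Each row returned by `summary()` corresponds to one line of the "[checkbox]" list in the quoted mock-up; vendor lookup from the MAC prefix and the actual block action are left out.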