nanog mailing list archives
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
From: Joe Greco <jgreco () ns sol net>
Date: Mon, 23 Jul 2007 15:00:57 -0500 (CDT)
On Mon, 23 Jul 2007, Joe Greco wrote:So how do you connect to the real IRC server, then? Remember that most end users are not nslookup-wielding shell commandos who can figure out whois and look up the IP.If those users are so technically unsophisticated, do you really expect the other users with infected computers to figure out how to disinfect their computer and remove the Bots instead? So you have potentially tens of thousands of infected computers with Bots making connections to an IRC server. You know many of those bots are well-known, old bots that have built-in removal commands. But 99% of those users don't have the technical knowledge to clean their machine themselves or know what a Bot is. On the other hand, you have 1% of users are sophisticated enough to use IRC servers. And a few percentage of overlap between the two groups. What do you do? a. nothing b. terminate tens of thousands of user accounts (of users who are mostly "innocent" except their computer was compromised) c. block all IRC d. redirect IRC connections to a few servers known to be used by Bots e. something else
e. something else. Because: a. is wrong. b. doesn't fix the problem, merely shoots yourself in the foot. c. is impossible, stupid, and pointless to try. d. has been proven to be implemented incompetently by Cox. e. includes solutions known to work, including walled gardens, etc. Again, you do not need to hijack someone else's domain name and redirect portions of their namespace at one of your own servers in order to fix this problem. Well, of course, that assumes that you're technically competent. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Current thread:
- Multiple different ISPs respond to Bots (was RE: DNS Hijacking by Cox), (continued)
- Multiple different ISPs respond to Bots (was RE: DNS Hijacking by Cox) Sean Donelan (Jul 22)
- Re: Multiple different ISPs respond to Bots (was RE: DNS Hijacking by Cox) Matthew Sullivan (Jul 22)
- Re: DNS Hijacking by Cox Joe Greco (Jul 22)
- How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox) Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox) Leigh Porter (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Valdis . Kletnieks (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)