nanog mailing list archives
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
From: Joe Greco <jgreco () ns sol net>
Date: Mon, 23 Jul 2007 16:06:58 -0500 (CDT)
On Mon, 23 Jul 2007, Joe Greco wrote:"Some privacy advocates" will be upset with ISP's doing what Cox is doing. Maybe you missed that. If we assume that it is okay for Cox to actually intercept the IRC sessions of their users, we're wayyyy far into that mess anyways. I'm saying "do it right" if you're going to do it at all.Would it be better if ISPs just blackholed certain IP addresses associated with Bot C&C servers instead of trying to give the user a message. That doesn't require examining the data content of any messages. The user just gets a connection timeout.
Compared to hijacking DNS and intercepting sessions? Yes. Absolutely. See, it isn't that hard to come up with better ideas.
Personally, I'd prefer that they didn't do it, but that set of solutions is more complex.So it is better for ISPs to do nothing, than attempt something that isn't perfect.
Well, that's not what I said, now, is it. I did say that there's a set of solutions out there to deal with that.
Thanks. I'll remember that the next time someone complains about ISPs not caring about abuse or bots on networks.
Interestingly enough, some of us care. Some of us care enough to run clean networks AND to make sure that what we're selling isn't compromised by deliberate DNS hijackings and site redirections. Hmm. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Current thread:
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking, (continued)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- RE: How should ISPs notify customers about Bots (Was Re: DNS Hijacking David Schwartz (Jul 24)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Chris L. Morrow (Jul 24)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 24)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Suresh Ramasubramanian (Jul 24)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 24)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Valdis . Kletnieks (Jul 24)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Stephen Wilcox (Jul 24)
- RE: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Raymond L. Corbin (Jul 24)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Roland Dobbins (Jul 24)