nanog mailing list archives
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking )
From: "Chris L. Morrow" <christopher.morrow () verizonbusiness com>
Date: Tue, 24 Jul 2007 21:15:57 +0000 (GMT)
On Tue, 24 Jul 2007, Paul Ferguson wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Christopher Morrow <christopher.morrow () verizonbusiness com> wrote:I'd love to see CPE dsl/cable-modem providers integrate with a 'service' that lists out 'bad' things. it'd be nice if the user could even tailor that list (just C&C or C&C + child-porn or C&C older not than X days/hours/minutes) ... I think it might even help, and be vendoragnostic (from a provide and hardware) perspective.Ironically, that is exactly part of a product announcement that we (Trend Micro) are making on 30 July.
neat, if only our marketting folks would see such benefits :( good for you! :)
Since this topic arose, I saw Trend mentioned as a possible product "culprit" in this scenario, but it isn't. Yet. :-)
not a culprit so much as a way that this sort of dns redirection could have been done, in a vendor supplied/supported device even.
The particular service to be announced on Monday (BIS, or Botnet Identification Service), is nothing more than a BGP feed of _known_ and _vetted_ botnet C&Cs as /32s, intended to be a black-hole feed. Interested folks should either e-mail me off-list, or just wait for the official announcement on 30 July.
note that this will take out vhost systems... unless they are vetted off the list, which is certainly possible of course.
Current thread:
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking ) Paul Ferguson (Jul 24)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking ) Chris L. Morrow (Jul 24)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking ) Adrian Chadd (Jul 24)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking ) Chris L. Morrow (Jul 24)