Re: DNS Changer items

[Andrew Fried <andrew.fried () gmail com>]

The DNS redirection began on November 8, 2011.  The servers were
instrumented to capture a very small portion of the dns data (source ip
and port only) so that reports of infected users could be sent to the
ISPs via reporting organizations like Shadowserver.

Some ISPs did create walled gardens.  Some merely redirected affected
customers to their own internal DNS servers.  Some ISPs did aggressive
notifications to their users.  And some ISPs did nothing.

Sites were set up to allow users to check their systems (dns-ok.us,
etc).  The DCWG set up an information site to provide information on how
to detect the DNSchanger infection and how to fix it.  AV companies
provided tools to help clean up systems, and the tools were published on
the DCWG.org website.

The FBI went to great lengths to get press coverage to get the word out.

This operation has been ongoing for 7 months, 27 days and 14 hours.

How much more of a graceful ramp down could there have been?

Andy

Andrew Fried
andrew.fried () gmail com


On 7/6/12 1:52 PM, Cameron Byrne wrote:
> So insteading of turning the servers off, would it not have been helpful to
> have the servers return a "captive portal" type of reponse saying "hey,
> since you use this server, you are broken, go here to get fixed"
>
> Seems that would have been a more graceful ramp down.
>
> CB