nanog mailing list archives

Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking


From: "Chris L. Morrow" <christopher.morrow () verizonbusiness com>
Date: Mon, 23 Jul 2007 16:39:34 +0000 (GMT)




On Mon, 23 Jul 2007, Joe Greco wrote:


On Sun, 22 Jul 2007, Joe Greco wrote:
We can break a lot of things in the name of "saving the Internet."  That
does not make it wise to do so.

Since the last time the subject of ISPs taking action and doing something
about Bots, a lot of people came up with many ideas involving the ISP
answering DNS queries with the addresses of ISP cleaning servers.

Just about every commercial WiFi hotspot and hotel login system uses a
fake DNS server to redirect users to its login pages.

I think there's a bit of a difference, in that when you're using every
commercial WiFi hotspot and hotel login system, they redirect
everything.  Would you truly consider that to be the same thing as one
of those services redirecting "www.cnn.com" to their own ad-filled news
page?

That's only on initial login, prior to login I suppose. I'm fairly certain
their servers could return other 'invalid' responses after login if they
wanted, they might even see some revenue savings by redirecting a list of
'known bad things' off to 127.0.0.1 (for instance, pick your preferred
place).

However, if I were to go to a hotel, and they intercept random (to me)
web sites, I'd consider that a very bad thing.

What if it was things you didn't use, didn't know about and were there for
some measure of your protection? (or your grandmother's protection even)


Many universities
use a fake DNS server to redirect student computers to cleaning sites.

I'm not sure I entirely approve of that, either, but at least it is more
like the hotel login scenario than the hotel random site redirection
scenario.

The problem is that there is very little difference... and it's very
'easy' to say (as a provider) "hey, I can help my customers, and the
Intertubes as a whole..."  (btw, how's this all different than opendns?)

One of the highlights of this discussion is that people get upset when you
mess with 'basic plumbing' in a non-obvious manner. I suppose if you KNOW
that it's happening (change your resolv.conf to opendns servers) that's
one thing, though do you know or can you config opendns to NOT redirect
(example) irc.vel.net but DO irc.badguy.net? Messing with DNS brings with
it consequences, some good ones and some bad ones...

