Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking

[Joe Greco <jgreco () ns sol net>]

> On Mon, 23 Jul 2007, Suresh Ramasubramanian wrote:
> > > What should be the official IETF recognized method for network operators
> > > to asynchronously communicate with users/hosts connect to the network for
> > > various reasons getting those machines cleaned up?
> >
> > Most large carriers that are also MAAWG members seem to be pushing
> > walled gardens for this purpose.
>
> Walled gardens also block access to external IRC servers.

However, that would seem to be expected.

> On a network protocol level, walled gardens also contain things like fake 
> DNS servers (what about DNSsec), fake http servers, fake (or forced) NAT 
> re-writing IP addresses, access control lists and lots of stuff trying to 
> respond to the user's traffic with alerts from the ISP.
>
> Although there seems to be a contingent of folks who believe ISPs should
> never block or redirect any Internet traffic for any reason, the reality 
> is stepping into the middle of the user's traffic sometimes the only 
> practical way for ISPs to reach some Internet users with infected 
> computers.

Then they should do that ... FOR the users with infected computers ...
and not break DNS for other legitimate sites.

> But, like other attempts to respond to network abuse (e.g. various 
> block lists), sometimes there are false positives and mistakes.  When
> it happens, you tweak the filters and undue the wrong block. Demanding 
> zero chance of error before ISPs doing anything just means ISPs won't do 
> anything.

"Think before act."

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.