nanog mailing list archives
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
From: Joe Greco <jgreco () ns sol net>
Date: Mon, 23 Jul 2007 14:56:15 -0500 (CDT)
On Mon, 23 Jul 2007, Suresh Ramasubramanian wrote:What should be the official IETF recognized method for network operators to asynchronously communicate with users/hosts connect to the network for various reasons getting those machines cleaned up?Most large carriers that are also MAAWG members seem to be pushing walled gardens for this purpose.Walled gardens also block access to external IRC servers.
However, that would seem to be expected.
On a network protocol level, walled gardens also contain things like fake DNS servers (what about DNSsec), fake http servers, fake (or forced) NAT re-writing IP addresses, access control lists and lots of stuff trying to respond to the user's traffic with alerts from the ISP. Although there seems to be a contingent of folks who believe ISPs should never block or redirect any Internet traffic for any reason, the reality is stepping into the middle of the user's traffic sometimes the only practical way for ISPs to reach some Internet users with infected computers.
Then they should do that ... FOR the users with infected computers ... and not break DNS for other legitimate sites.
But, like other attempts to respond to network abuse (e.g. various block lists), sometimes there are false positives and mistakes. When it happens, you tweak the filters and undue the wrong block. Demanding zero chance of error before ISPs doing anything just means ISPs won't do anything.
"Think before act." ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Current thread:
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking, (continued)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Stephen Wilcox (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Valdis . Kletnieks (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Chris L. Morrow (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox) Suresh Ramasubramanian (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox) Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox) Suresh Ramasubramanian (Jul 23)
- RE: How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox) michael.dillon (Jul 23)
- RE: How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox) Chris L. Morrow (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: DNS Hijacking by Cox Florian Weimer (Jul 22)
- Port 587 vs. 25 [was: DNS Hijacking by Cox] Patrick W. Gilmore (Jul 23)
- Re: Port 587 vs. 25 [was: DNS Hijacking by Cox] Mikael Abrahamsson (Jul 23)
- Re: Port 587 vs. 25 [was: DNS Hijacking by Cox] Jeroen Wunnink (Jul 23)
- Re: Port 587 vs. 25 [was: DNS Hijacking by Cox] Mikael Abrahamsson (Jul 23)
- Re: Port 587 vs. 25 [was: DNS Hijacking by Cox] Jeroen Wunnink (Jul 23)
- Re: Port 587 vs. 25 Florian Weimer (Jul 23)
- Re: DNS Hijacking by Cox Niels Bakker (Jul 22)
- Re: DNS Hijacking by Cox David Conrad (Jul 23)