nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking

From: "Chris L. Morrow" <christopher.morrow () verizonbusiness com>
Date: Tue, 24 Jul 2007 16:22:11 +0000 (GMT)



On Tue, 24 Jul 2007, Suresh Ramasubramanian wrote:


On 7/24/07, Chris L. Morrow <christopher.morrow () verizonbusiness com> wrote:


Pleaes do this at 1Gbps, really 2Gbps today and 20gbps shortly, in a cost
effective manner. Please also do this on encrypted control channels or
channels not 'irc', also please stay 'cost effective'. Additionally,


Right. However one consolation is that all this is edge filtering,
outbound. And some of it can be pushed off onto the CPE (e&oe
availability of patched CPE)


I'd love to see CPE dsl/cable-modem providers integrate with a 'service'
that lists out 'bad' things. it'd be nice if the user could even tailor
that list (just C&C or C&C + child-porn or C&C older not than X
days/hours/minutes) ... I think it might even help, and be vendor agnostic
(from a provide and hardware) perspective.



Outbound traffic volumes wont be as horrendously high as those
inbound, and should be a bit easier to categorize than inbound traffic

DNS and routing tricks are the silliest, to some - but well, they work
for a lot of low hanging fruit. And as you say, they are cost
effective.


and they are at the control of the provider, which I think  is also
somewhat important, people don't know or don't want to police themselves
(in general). Also, the false positive issue will still exist, regardless
of where this 'service' exists. So we'll have to learn to deal with it and
provide workarounds that grandma can do on her own without calling her
vendor (equipment or service).

-Chris
Previous By Date Next
Previous By Thread Next

Current thread: