nanog mailing list archives

Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking


From: "Suresh Ramasubramanian" <ops.lists () gmail com>
Date: Tue, 24 Jul 2007 22:02:50 +0530


On 7/24/07, Joe Greco <jgreco () ns sol net> wrote:

> The problem is isolating the traffic in question.  Since you DO NOT HAVE
> GIGABITS OF TRAFFIC destined for IRC servers, this becomes a Networking
> 101-style question.  A /32 host route is going to be effective.
> Manipulating DNS is definitely the less desirable method, because it has
> the potential for breaking more things.  But, hey, it can be done, and
> with an amount of effort that isn't substantially different from the
> amount of work Cox would have had to do to accomplish what they did.

Yup - though I still don't see much point in special-casing IRC.  It
would probably be much more cost effective in the long run to have
something rather more comprehensive.

Yes there are a few bots around still using IRC but a lot of them have
moved to other, better things (and there's fun "headless" bots too,
hardcoded with instructions and let loose so there's no C&C, no
centralized domain or dynamic dns for takedown.. you want to make a
change? just release another bot into the wild).

