nanog mailing list archives

RE: How should ISPs notify customers about Bots (Was Re: DNS Hijacking

From: "David Schwartz" <davids () webmaster com>
Date: Tue, 24 Jul 2007 16:12:18 -0700

On Mon, 23 Jul 2007, Joe Greco wrote:

Intercept and inspect IRC packets.  If they join a botnet
channel, turn on
a flag in the user's account.  Place them in a garden (no IRC,
no nothing,
except McAfee or your favorite AV/patch set).

Wow, you are recommending ISPs wiretap their subscribers.

I suspect some privacy advocates will be upset with ISPs doing that.


Suppose I add a firewall rule to my router to block traffic to a particular
port. Does my router thereby "wiretap" every packet passing through it
because it needs to find out its destination port in order to determine if
the rule applies or not?

It is sometimes a tricky issue when you filter through legitimate traffic to
stop illegitimate traffic. But a rule that this is always wiretapping of
anything subjected to the automated inspection leads to ridiculous results.

DS

Current thread:

Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking, (continued)
- - - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
    - RE: How should ISPs notify customers about Bots (Was Re: DNS Hijacking David Schwartz (Jul 24)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Chris L. Morrow (Jul 24)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 24)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Suresh Ramasubramanian (Jul 24)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 24)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Valdis . Kletnieks (Jul 24)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Stephen Wilcox (Jul 24)
    - RE: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Raymond L. Corbin (Jul 24)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Roland Dobbins (Jul 24)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 24)
    - Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Roland Dobbins (Jul 24)

(Thread continues...)