How should ISPs notify customers about Bots (Was Re: DNS Hijacking

Suresh Ramasubramanian ops.lists at gmail.com
Tue Jul 24 16:32:50 UTC 2007


On 7/24/07, Joe Greco <jgreco at ns.sol.net> wrote:

> The problem is isolating the traffic in question.  Since you DO NOT HAVE
> GIGABITS OF TRAFFIC destined for IRC servers, this becomes a Networking
> 101-style question.  A /32 host route is going to be effective.
> Manipulating DNS is definitely the less desirable method, because it has
> the potential for breaking more things.  But, hey, it can be done, and
> with an amount of effort that isn't substantially different from the
> amount of work Cox would have had to do to accomplish what they did.

Yup - though I still don't see much point in special-casing IRC.   It
would probably be much more cost effective in the long run to have
something rather more comprehensive.

Yes there are a few bots around still using IRC but a lot of them have
moved to other, better things (and there's fun "headless" bots too,
hardcoded with instructions and let loose so there's no C&C, no
centralized domain or dynamic DNS for takedown... you want to make a
change? just release another bot into the wild).


