[EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

Eric Kuhnke eric.kuhnke at gmail.com
Fri Oct 27 23:08:37 UTC 2023


When you have a sufficiently large mass of non-technical end users,
inevitably some percentage of them will end up doing something like
enabling WAN-interface-facing remote admin access, which then gets pwned and
turned into a botnet. It's a real problem at scale. Compromised CPE routers
in addition to people visiting virus/trojan laden webservers and infecting
their endpoint devices.

Good example:

https://www.fortinet.com/blog/threat-research/condi-ddos-botnet-spreads-via-tp-links-cve-2023-1389



On Fri, Oct 27, 2023 at 3:37 PM John Levine <johnl at iecc.com> wrote:

> It appears that Bryan Fields <Bryan at bryanfields.net> said:
> >On 10/27/23 7:49 AM, John Levine wrote:
> >> But for obvious good reasons,
> >> the vast majority of their customers don't
> >
> >I'd argue that as a service provider deliberately messing with DNS is an
> >obvious bad thing.  They're there to deliver packets.
>
> For a network feeding a data center, sure. For a network like
> Charter's which is feeding unsophisticated nontechnical users, they
> need all the messing they can get.
>
> If you're one of the small minority of retail users that knows enough
> about the technology to pick your own resolver, go ahead.  But it's
> a reasonable default to keep malware out of Grandma's iPad.
>
> R's,
> John
>