On-going Internet Emergency and Domain Names (kill this thread)
Mikael Abrahamsson
swmike at swm.pp.se
Sun Apr 1 06:25:49 UTC 2007
On Sat, 31 Mar 2007, Jeff Shultz wrote:

> Does that sound about right?

If ISPs cannot be forced into running a 24/7/365 response function, I
don't see the registry/registrars doing it.

Solving this at the DNS level is just silly; if you want to solve it,
either you get to the core (block IP access, perhaps by BGP blacklisting)
or go to level 8, i.e. the human level, and get these infected machines off
the net permanently.

So Gadi, to accomplish what you want you need to propose to the ISPs all
over the net that what you're trying to do is so important that some
entity publishing a realtime blacklist is important enough that all major
ISPs should subscribe to a BGP blackhole list from there. Also that this
is important enough to seriously violate the distributed structure of the
net today that has made it into the raging success it is today. It's not
perfect, but it works, and it doesn't have a single point of failure.

... and people have very bad experiences from blacklists not being
maintained properly.

--
Mikael Abrahamsson email: swmike at swm.pp.se