DNS Hijacking by Cox

Joe Greco jgreco at ns.sol.net
Mon Jul 23 15:37:55 UTC 2007


> On Mon, 23 Jul 2007, Joe Greco wrote:
> > And, incidentally, I do consider this a false positive.  If any average
> > person might be tripped up by it, and we certainly have a lot of average
> > users on IRC, then it's bad.  So, the answer is, "at least one false
> > positive."
> 
> The only way any human activity will NEVER have a single false positive, 
> i.e. mistake, is by never doing anything.
> 
> Do people really want ISPs not to do anything?

I'd prefer that ISPs tend towards taking no action when taking action
has a strong probability of backfiring.

For example, even if you had no clue that it was a legitimate EFNet IRC
server, irc.vel.net is trivially Googleable and you can determine that it
will therefore be used by various real users.  Redirecting this would be
a bad thing.

On the flip side, redirecting irc.jgreco.net, because you found it in some
bot's connection directory, when Googled, indicates that there are no
matched documents.  While this isn't conclusive proof that it won't break
somebody, it is relatively much less likely to be a customer-affecting
issue.  Since the domain is relatively new, it would be a lot more
suspicious.  You could even try connecting to it (if it existed) to see
what the deal was.

I would still be irate if someone owned a portion of my namespace in that 
manner, but as a relative comparison, I could see a much better case for 
it.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.


