How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox)

• Previous message (by thread): How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox)
• Next message (by thread): How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 23 Jul 2007, Suresh Ramasubramanian wrote:
>> What should be the official IETF recognized method for network operators
>> to asynchronously communicate with users/hosts connect to the network for
>> various reasons getting those machines cleaned up?
>
> Most large carriers that are also MAAWG members seem to be pushing
> walled gardens for this purpose.

Walled gardens also block access to external IRC servers.

On a network protocol level, walled gardens also contain things like fake 
DNS servers (what about DNSsec), fake http servers, fake (or forced) NAT 
re-writing IP addresses, access control lists and lots of stuff trying to 
respond to the user's traffic with alerts from the ISP.

Although there seems to be a contingent of folks who believe ISPs should
never block or redirect any Internet traffic for any reason, the reality 
is stepping into the middle of the user's traffic sometimes the only 
practical way for ISPs to reach some Internet users with infected 
computers.

But, like other attempts to respond to network abuse (e.g. various 
block lists), sometimes there are false positives and mistakes.  When
it happens, you tweak the filters and undue the wrong block. Demanding 
zero chance of error before ISPs doing anything just means ISPs won't do 
anything.

• Previous message (by thread): How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox)
• Next message (by thread): How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]