How should ISPs notify customers about Bots (Was Re: DNS Hijacking

• Previous message (by thread): How should ISPs notify customers about Bots (Was Re: DNS Hijacking
• Next message (by thread): How should ISPs notify customers about Bots (Was Re: DNS Hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 23 Jul 2007 11:39:35 EDT, Sean Donelan said:
> messages.  The irc.foonet.com server clearly sends several cleaning 
> commands used by several well-known, and very old, Bots.

Old and well-known bots.  Remember that for a moment, and think "6 month old
antivirus signatures" for a bit....

> service (can't look for help)?  Or should the ISP only disrupt the minimum 
> number of services needed to clean the Bot?

Is there any indication that the commands actually pushed have a *significant*
chance of actually wiping any resident bots, or is it "That's an old worn-out
magic word" time?  It's one thing if 95% of the time, hijacking the connection
and pushing command strings actually cleans a bot up.  It's another thing
entirely if it only works 5 or 10% of the time because most of the bots
currently out there are no longer susceptible to that cleaning method.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20070723/156cf183/attachment.sig>

• Previous message (by thread): How should ISPs notify customers about Bots (Was Re: DNS Hijacking
• Next message (by thread): How should ISPs notify customers about Bots (Was Re: DNS Hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]