How should ISPs notify customers about Bots (Was Re: DNS Hijacking
Valdis.Kletnieks at vt.edu
Mon Jul 23 16:52:33 UTC 2007
On Mon, 23 Jul 2007 11:39:35 EDT, Sean Donelan said:
> messages. The irc.foonet.com server clearly sends several cleaning
> commands used by several well-known, and very old, Bots.
Old and well-known bots. Remember that for a moment, and think "6 month old
antivirus signatures" for a bit....
> service (can't look for help)? Or should the ISP only disrupt the minimum
> number of services needed to clean the Bot?
Is there any indication that the commands actually pushed have a *significant*
chance of actually wiping any resident bots, or is it "That's an old worn-out
magic word" time? It's one thing if 95% of the time, hijacking the connection
and pushing command strings actually cleans a bot up. It's another thing
entirely if it only works 5 or 10% of the time because most of the bots
currently out there are no longer susceptible to that cleaning method.