How should ISPs notify customers about Bots (Was Re: DNS Hijacking
Joe Greco
jgreco at ns.sol.net
Mon Jul 23 19:56:15 UTC 2007
> On Mon, 23 Jul 2007, Suresh Ramasubramanian wrote:
> >> What should be the official IETF recognized method for network operators
> >> to asynchronously communicate with users/hosts connected to the network for
> >> various reasons, getting those machines cleaned up?
> >
> > Most large carriers that are also MAAWG members seem to be pushing
> > walled gardens for this purpose.
>
> Walled gardens also block access to external IRC servers.
However, that would seem to be expected.
> On a network protocol level, walled gardens also contain things like fake
> DNS servers (what about DNSsec), fake http servers, fake (or forced) NAT
> re-writing IP addresses, access control lists and lots of stuff trying to
> respond to the user's traffic with alerts from the ISP.
>
> Although there seems to be a contingent of folks who believe ISPs should
> never block or redirect any Internet traffic for any reason, the reality
> is that stepping into the middle of the user's traffic is sometimes the only
> practical way for ISPs to reach some Internet users with infected
> computers.
Then they should do that ... FOR the users with infected computers ...
and not break DNS for other legitimate sites.
> But, like other attempts to respond to network abuse (e.g. various
> block lists), sometimes there are false positives and mistakes. When
> it happens, you tweak the filters and undo the wrong block. Demanding
> zero chance of error before ISPs do anything just means ISPs won't do
> anything.
"Think before act."
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
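The exchange above turns on scope: a walled garden that answers DNS and HTTP on behalf of the ISP is defensible for the hosts actually flagged as infected, and indefensible when it rewrites answers for everyone else. The following toy model, added here as an illustration and not code from anyone in the thread or from any ISP, shows that distinction in working form. It assumes a per-host quarantine list, a documentation-range address for the notice server (192.0.2.10), and a small allowlist of remediation names a quarantined host may still reach; all of those values are constructed, and the allowlist is an assumption about common garden practice rather than something the thread specifies. The audit log is there so a false positive, which the thread acknowledges will happen, can be released and the release recorded.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address

# Constructed values: a documentation-range address for the ISP's notice page and a
# small allowlist of remediation sites a quarantined host may still reach (an
# assumption about how a garden is usually configured, not something the thread states).
GARDEN_IP = ip_address("192.0.2.10")
ALLOWED_IN_GARDEN = {"av-updates.example.net", "os-patches.example.net"}


@dataclass
class Quarantine:
    """Per-host quarantine list with an audit log so mistaken flags can be undone."""
    hosts: dict = field(default_factory=dict)   # ip_address -> reason string
    audit: list = field(default_factory=list)   # (timestamp, action, ip, note)

    def flag(self, src, reason):
        ip = ip_address(src)
        self.hosts[ip] = reason
        self.audit.append((datetime.now(timezone.utc), "flag", ip, reason))

    def release(self, src, note="false positive"):
        """Undo a flag. Returns False if the host was not quarantined (no audit entry)."""
        ip = ip_address(src)
        if self.hosts.pop(ip, None) is None:
            return False
        self.audit.append((datetime.now(timezone.utc), "release", ip, note))
        return True

    def is_quarantined(self, src):
        return ip_address(src) in self.hosts


def answer_dns(q, src, qname, upstream_answer):
    """Decide what the resolver hands back to `src` for `qname`.
    Hosts that are not quarantined always get the real upstream answer, so the
    garden never touches DNS for legitimate sites or unaffected customers.
    A quarantined host gets the garden address, except for allowlisted
    remediation names it needs in order to get cleaned up."""
    name = qname.lower().rstrip(".")
    if not q.is_quarantined(src) or name in ALLOWED_IN_GARDEN:
        return upstream_answer
    return GARDEN_IP


def answer_http(q, src, host, path):
    """HTTP front end listening on GARDEN_IP. Quarantined hosts are redirected to the
    notice page (hypothetical URL); anyone else who lands here, for example via a stale
    cached answer after a release, is told plainly that nothing applies to them."""
    if q.is_quarantined(src):
        reason = q.hosts[ip_address(src)]
        return 302, f"https://notice.isp.example/?reason={reason}&orig={host}{path}"
    return 200, "no quarantine for this address"


if __name__ == "__main__":
    q = Quarantine()
    upstream = ip_address("203.0.113.5")          # constructed "real" answer
    q.flag("198.51.100.7", "c2-beacon")           # constructed flagged customer
    print(answer_dns(q, "198.51.100.7", "www.example.org.", upstream))   # 192.0.2.10
    print(answer_dns(q, "198.51.100.8", "www.example.org.", upstream))   # 203.0.113.5
    print(answer_http(q, "198.51.100.7", "www.example.org", "/"))
    q.release("198.51.100.7")                     # the false-positive path
    print(answer_dns(q, "198.51.100.7", "www.example.org.", upstream))   # 203.0.113.5
    print(q.audit)
```

The two decision points are deliberately tiny: everything that is not on the quarantine list falls through to the real answer, and the only state the garden consults is the per-host list plus its audit trail, which is what makes a wrong flag cheap to reverse.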