How should ISPs notify customers about Bots (Was Re: DNS Hijacking

Joe Greco jgreco at ns.sol.net
Mon Jul 23 20:00:57 UTC 2007


> On Mon, 23 Jul 2007, Joe Greco wrote:
> > So how do you connect to the real IRC server, then?  Remember that most
> > end users are not nslookup-wielding shell commandos who can figure out
> > whois and look up the IP.
> 
> If those users are so technically unsophisticated, do you really expect 
> the other users with infected computers to figure out how to disinfect 
> their computer and remove the Bots instead?
> 
> So you have potentially tens of thousands of infected computers with Bots 
> making connections to an IRC server.  You know many of those bots are 
> well-known, old bots that have built-in removal commands.  But 99% of 
> those users don't have the technical knowledge to clean their machine 
> themselves or know what a Bot is. On the other hand, you have 1% of users 
> who are sophisticated enough to use IRC servers.  And a few percent of 
> overlap between the two groups.
> 
> What do you do?
>    a. nothing
>    b. terminate tens of thousands of user accounts (of users who are mostly 
> "innocent" except their computer was compromised)
>    c. block all IRC
>    d. redirect IRC connections to a few servers known to be used by Bots
>    e. something else

e. something else.

Because:

a. is wrong.

b. doesn't fix the problem, merely shoots yourself in the foot.

c. is impossible, stupid, and pointless to try.

d. has been proven to be implemented incompetently by Cox.

e. includes solutions known to work, including walled gardens, etc.

Again, you do not need to hijack someone else's domain name and redirect
portions of their namespace at one of your own servers in order to fix
this problem. 

Well, of course, that assumes that you're technically competent.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.


