How should ISPs notify customers about Bots (Was Re: DNS Hijacking
Sean Donelan
sean at donelan.com
Mon Jul 23 20:17:39 UTC 2007
On Mon, 23 Jul 2007, Chris L. Morrow wrote:
> So, to back this up and get off the original complaint, if a service
> provider can protect a large portion of their customer base with some
> decent intelligence gathering and security policy implementation is that a
> good thing? keeping in mind that in this implementation users who know
> enough and are willing to forgoe that 'protection' (for some value of
> protection) can certainly circumvent/avoid it.
Joe St Sauver covers some of these topics.
http://www.uoregon.edu/~joe/zombies.pdf
Should ISPs attempt to block Bot Command and Control connections (which
is more general than just IRC C&C Bots), assuming ISPs try to avoid
"legitimate" servers although mistakes might happen?
More information about the NANOG
mailing list