DNS Hijacking by Cox

Steven Haigh netwiz at crc.id.au
Tue Jul 24 00:49:18 UTC 2007


Quoting Joe Greco <jgreco at ns.sol.net>:

>
>> On Mon, 23 Jul 2007, Joe Greco wrote:
>> > And, incidentally, I do consider this a false positive.  If any average
>> > person might be tripped up by it, and we certainly have a lot of average
>> > users on IRC, then it's bad.  So, the answer is, "at least one false
>> > positive."
>>
>> The only way any human activity will NEVER have a single false positive,
>> i.e. mistake, is by never doing anything.
>>
>> Do people really want ISPs not to do anything?
>
> I'd prefer that ISP's tends towards taking no action when taking action
> has a strong probability of backfiring.

I'd have to say that at this point it is VERY obvious that you have  
never administered a large (100k users+) network. The procedures and  
paths of action you wish the largers ISPs to take are just not  
practical.

 From your web site:
"Please Note: Be very certain that your alleged abuse incident  
actually originated here before submitting a complaint. Do not sumbit  
a complaint without full headers, logs, and timestamps. We are not a  
commercial ISP and it is highly unlikely that your abuse incident  
actually originated here."

Spelling mistakes and "under construction" pages from 2002 aside, it  
shows that you look to be familiar with dealing with smaller scale  
operations. The reality of the matter is that large ISPs can do:

    1) Nothing (which makes matters worse in the long run)
    2) A disruptive fix (will get some false matches, a handful of  
IRCers vs 100k+ users is acceptable).
    3) Kill accounts.

Now lets look at a quick real world result of each of the three above.

    1) Your network eventually caves into the ground. You end up being  
a host for many spam networks and other nasties. Everyone on the  
internet hates you.

    2) A handful of people complain, cry, whimper, and leave. The  
number of users in this boat won't really have much of an effect on  
operations or business. Acceptable losses vs doing option 1.

    3) You get a reputation of killing 'innocent' peoples accounts due  
to unknown infections of crud. Business declines, and you end up  
working for an ISP that would implement option 2.

In reality, the "purist" ideals of Internet access just does not work.

-- 
Steven Haigh

Email: netwiz at crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9017 0597 - 0404 087 474




More information about the NANOG mailing list