DNS Hijacking by Cox
Steven Haigh
netwiz at crc.id.au
Tue Jul 24 00:49:18 UTC 2007
Quoting Joe Greco <jgreco at ns.sol.net>:
>
>> On Mon, 23 Jul 2007, Joe Greco wrote:
>> > And, incidentally, I do consider this a false positive. If any average
>> > person might be tripped up by it, and we certainly have a lot of average
>> > users on IRC, then it's bad. So, the answer is, "at least one false
>> > positive."
>>
>> The only way any human activity will NEVER have a single false positive,
>> i.e. mistake, is by never doing anything.
>>
>> Do people really want ISPs not to do anything?
>
> I'd prefer that ISP's tends towards taking no action when taking action
> has a strong probability of backfiring.
I'd have to say that at this point it is VERY obvious that you have
never administered a large (100k users+) network. The procedures and
paths of action you wish the largers ISPs to take are just not
practical.
From your web site:
"Please Note: Be very certain that your alleged abuse incident
actually originated here before submitting a complaint. Do not sumbit
a complaint without full headers, logs, and timestamps. We are not a
commercial ISP and it is highly unlikely that your abuse incident
actually originated here."
Spelling mistakes and "under construction" pages from 2002 aside, it
shows that you look to be familiar with dealing with smaller scale
operations. The reality of the matter is that large ISPs can do:
1) Nothing (which makes matters worse in the long run)
2) A disruptive fix (will get some false matches, a handful of
IRCers vs 100k+ users is acceptable).
3) Kill accounts.
Now lets look at a quick real world result of each of the three above.
1) Your network eventually caves into the ground. You end up being
a host for many spam networks and other nasties. Everyone on the
internet hates you.
2) A handful of people complain, cry, whimper, and leave. The
number of users in this boat won't really have much of an effect on
operations or business. Acceptable losses vs doing option 1.
3) You get a reputation of killing 'innocent' peoples accounts due
to unknown infections of crud. Business declines, and you end up
working for an ISP that would implement option 2.
In reality, the "purist" ideals of Internet access just does not work.
--
Steven Haigh
Email: netwiz at crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9017 0597 - 0404 087 474
More information about the NANOG
mailing list