How should ISPs notify customers about Bots (Was Re: DNS Hijacking
Chris L. Morrow
christopher.morrow at verizonbusiness.com
Tue Jul 24 16:22:11 UTC 2007
On Tue, 24 Jul 2007, Suresh Ramasubramanian wrote:
> On 7/24/07, Chris L. Morrow <christopher.morrow at verizonbusiness.com> wrote:
>
> > Pleaes do this at 1Gbps, really 2Gbps today and 20gbps shortly, in a cost
> > effective manner. Please also do this on encrypted control channels or
> > channels not 'irc', also please stay 'cost effective'. Additionally,
>
> Right. However one consolation is that all this is edge filtering,
> outbound. And some of it can be pushed off onto the CPE (e&oe
> availability of patched CPE)
I'd love to see CPE dsl/cable-modem providers integrate with a 'service'
that lists out 'bad' things. it'd be nice if the user could even tailor
that list (just C&C or C&C + child-porn or C&C older not than X
days/hours/minutes) ... I think it might even help, and be vendor agnostic
(from a provide and hardware) perspective.
>
> Outbound traffic volumes wont be as horrendously high as those
> inbound, and should be a bit easier to categorize than inbound traffic
>
> DNS and routing tricks are the silliest, to some - but well, they work
> for a lot of low hanging fruit. And as you say, they are cost
> effective.
and they are at the control of the provider, which I think is also
somewhat important, people don't know or don't want to police themselves
(in general). Also, the false positive issue will still exist, regardless
of where this 'service' exists. So we'll have to learn to deal with it and
provide workarounds that grandma can do on her own without calling her
vendor (equipment or service).
-Chris
More information about the NANOG
mailing list