DNS Hijacking by Cox

Peter Dambier peter at peter-dambier.de
Tue Jul 24 21:12:58 UTC 2007


The problem is, you don't know what is behind that probably NATted IP
address. Probably you have 3 Unix machines running SMTP and UUCP
and a single infected Windows box and maybe some VoIPs and ...

You kill everything but that single maudit infected Windows.

The guy who is running the Windows box is Dad and he won't come
home before the weekend.

Oh, you killed the VoIP. Sorry I cannot phone Dad and tell him
his PC is infected.


You might as well hit a small business with some 50 workstations.
Again you hit their VoIP and maybe their VPN so their outsourced
system manager cannot dial in and try to repair things.


Maybe it would teach them not to get infected but I would not
want to be their ISP.



Of course we are "only" talking about IRC but which botherder
is depending on IRC only?


Kind regards
Peter and Karin


Mattias Ahnberg wrote:
> James Hess wrote:
> 
>>I suspect it would be most useful if "detected drones" by most major IRC
>>network would be visible to cooperating ISPs for further analysis, not
>>just Undernet.
> 
> 
> I'd dare to say that most of us major networks hardly see a small
> percentage of the big botnets around, the miscreants have since a
> long time back learned to use own C&Cs where the connected IPs of
> a connected client is hidden from all but themselves.
> 
> But it certainly would not hurt if there was a good way to report
> drones to ISPs and actually get some attention to the problem. A
> bunch of small streams quickly build up to a larger river in the
> end, I guess.
> 
> Perhaps a larger issue for the ISPs is what to actually DO with
> their infected customers. To what extent is the ISP responsible
> for what their users do and how their computers are set up? I do
> not have a clear answer to that.
> 
> Since almost every user is using the web a nice system could be
> to redirect reported PCs through a proxy the ISP controls where
> the user can get information about what to do about problems and
> at the same time still reach the Internet after choosing to click
> away the information; or something along those lines.


-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.arl.pirates
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/



