Operation Ghost Click

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue May 1 19:19:27 UTC 2012

On Tue, 01 May 2012 10:40:57 -0400, Rich Kulawiec said:

> Why haven't you cut these obviously-infected systems off entirely?

There's quite likely multiple systems behind a NAT-ish router, and Comcast
doesn't have any real option but to nuke *all* the systems behind the router.

This can be a tad troublesome if there's one infected box behind the router,
but the customer is also using VoIP of some sort from another box - you may
just have nuked their 911 capability. Or if they have multiple systems, you may
have killed their ability to transact basic business like contact their local
government or pay their utility bills from a box that's not infected.

(Hint - it's the same basic reason why 3-strikes laws for copyright
infringement that turn off the subscriber suck - the unintended collateral
damage tends to break things you really don't want to break...)

More information about the NANOG mailing list