[150264] in North American Network Operators' Group


Re: DNS Attacks

daemon@ATHENA.MIT.EDU (Christopher Morrow)
Mon Feb 20 12:58:29 2012

In-Reply-To: <CACg3zYFe3dtUP08dE-GaQ89peHpmMTW0rfsA1rB3Hb6HnOP5bA@mail.gmail.com>
Date: Mon, 20 Feb 2012 12:57:46 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Tei <oscar.vives@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, Feb 20, 2012 at 10:38 AM, Tei <oscar.vives@gmail.com> wrote:
> I am a mere user, so all this stuff sounds to me like gibberish.
>
> The right solution is to capture the requests to these DNS servers, and
> send them to a custom server with a static message "warning.html". Nothing
> fancy. With a phone number to "get out of jail", so people can call
> to "opt out" of this thing, so they can browse the internet to search for a
> solution.


in this case, the FBI/DNSChanger case, the information is pretty
straightforward for the ISP folk... 'client machine makes DNS queries
not to the ISP DNS server (or one of several free DNS services), but
to a known bad set of netblocks'

the easy fix is to just stand up (forever, ha!) DNS servers on the IP
blocks inside the ISP's network, done and done... they can then start
notifying the customers via mail/email/carrier pigeon that they are
infected, along with instructions about how to get un-infected.

-chris
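As an added illustration of the detection step Chris describes (this is not code from the thread or from any ISP), here is a small Python filter over flow records: any customer that sends port-53 traffic to a rogue netblock is flagged, while queries to the ISP's own resolvers or to public resolvers are ignored. The netblocks, resolver addresses and flow lines below are constructed placeholders, not the real DNSChanger ranges; an operator would substitute the published list and feed in NetFlow/sFlow from the edge.

```python
import ipaddress
from collections import Counter

# Placeholder "known bad set of netblocks" (assumed, not the real
# DNSChanger ranges). Replace with the published list before use.
ROGUE_DNS_NETBLOCKS = [ipaddress.ip_network(n) for n in (
    "198.51.100.0/24",
    "203.0.113.0/24",
)]

# Resolvers a customer is allowed to talk to: the ISP's own recursive
# servers (hypothetical addresses) and some well-known public resolvers.
LEGIT_RESOLVERS = {ipaddress.ip_address(a) for a in (
    "192.0.2.53", "192.0.2.54",   # hypothetical ISP resolvers
    "8.8.8.8", "8.8.4.4",         # Google Public DNS
)}

# Constructed flow records (one per line) in a simple key=value form,
# roughly what an exporter summary might look like after collection.
SAMPLE_FLOWS = """\
src=10.0.0.5 dst=192.0.2.53 dport=53 proto=udp
src=10.0.0.7 dst=203.0.113.77 dport=53 proto=udp
src=10.0.0.7 dst=203.0.113.77 dport=53 proto=udp
src=10.0.0.9 dst=8.8.8.8 dport=53 proto=udp
src=10.0.0.11 dst=198.51.100.9 dport=53 proto=tcp
src=10.0.0.11 dst=198.51.100.9 dport=80 proto=tcp
src=10.0.0.5 dst=203.0.113.77 dport=53 proto=udp
"""


def parse_flow(line):
    """Split 'k=v k=v ...' into (src, dst, dport, proto)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return (ipaddress.ip_address(fields["src"]),
            ipaddress.ip_address(fields["dst"]),
            int(fields["dport"]),
            fields["proto"])


def is_rogue_resolver(dst):
    """True if dst (an ip_address) falls inside any rogue netblock."""
    return any(dst in net for net in ROGUE_DNS_NETBLOCKS)


def find_infected_clients(flow_text):
    """Return {client_ip: count} of DNS (port 53) flows to rogue netblocks.

    Non-DNS traffic to the same netblocks is ignored; so are queries to
    the resolvers in LEGIT_RESOLVERS. Both UDP and TCP port 53 count.
    """
    hits = Counter()
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, proto = parse_flow(line)
        if dport != 53:
            continue                  # only resolver traffic is evidence
        if dst in LEGIT_RESOLVERS:
            continue                  # normal behaviour, not a hit
        if is_rogue_resolver(dst):
            hits[str(src)] += 1
    return dict(hits)


if __name__ == "__main__":
    for client, n in sorted(find_infected_clients(SAMPLE_FLOWS).items()):
        print(f"{client}: {n} DNS flow(s) to rogue resolvers")
```

The per-client counts are what the notification step needs: the list of customer addresses (mapped back to accounts through the ISP's own records) that should get the "you are infected, here is how to fix it" message. Standing up replacement DNS servers on the rogue prefixes inside the ISP's network is a routing/configuration change and is not shown here.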

