[152512] in North American Network Operators' Group
Re: Operation Ghost Click
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue May 1 15:20:44 2012
To: Rich Kulawiec <rsk@gsp.org>
In-Reply-To: Your message of "Tue, 01 May 2012 10:40:57 -0400."
<20120501144057.GA6771@gsp.org>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 01 May 2012 15:19:27 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1335899967_1955P
Content-Type: text/plain; charset=us-ascii
On Tue, 01 May 2012 10:40:57 -0400, Rich Kulawiec said:
> Why haven't you cut these obviously-infected systems off entirely?
There's quite likely multiple systems behind a NAT-ish router, and Comcast
doesn't have any real option but to nuke *all* the systems behind the router.
This can be a tad troublesome if there's one infected box behind the router,
but the customer is also using VoIP of some sort from another box - you may
just have nuked their 911 capability. Or if they have multiple systems, you may
have killed their ability to transact basic business like contact their local
government or pay their utility bills from a box that's not infected.
(Hint - it's the same basic reason why 3-strikes laws for copyright
infringement that turn off the subscriber suck - the unintended collateral
damage tends to break things you really don't want to break...)
--==_Exmh_1335899967_1955P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iQIVAwUBT6A3PwdmEQWDXROgAQJIMBAAji0ASreTmnfOBGEq9aHwlPNTL5R53Xvv
1xfE3INQckCGz7rRD1nvV3Y9Djw/GO2n4opsBNFFpFVtYhbGyWRdZSflgAx1mS8w
se9C25gYV4qtrjjG48+g54TPA6jPEtOSzbqOnPXdD62KuA0A9DiO8XHY7hE3rVrc
cPU7mQzHwoESNLbVkOt73fvOhevrD+yxrLBd/0GqL0dzam7lPUdZDW8q36mMlVdH
xRlKPgH/OFg2ACRu8SE0DziFtunGIzgOSnYfilPM61l5xSkOLpawFZF29XQ2gpfg
v5E4gGWKqmBcN3OUfh7IJuUURfbmqRuN/lB0pe/l9pc1OZhrU8vh6c6UY8Ejquyh
3iXjnNrezPOYo3GLkKSVtbISQ78WglgZip4w3oxtW/labOCWmEEJp++cQfVI3q0j
xKrkMOVOMzW/iZAsTawMOPiOJ4xTJpe3mc4OGFIcKsVzuyFk+P3PbEUHt676pDA0
zqcELKjLq6anruEyktb9snib5L6vGVpJ/L06vhFtG88u1orcRQOcGJalm+yttL7G
JOawYHCUhAOW+waB/nieRu2BxzcUhEfkCnmpcuk1twTCltAgZITLF/4LZF+LJFiF
CEhhiDJPdSsN/AaJviD5AM1bEySdat6XwHGYtDjAWtdI1xR/SEltqCW97TUrSyLX
kdORITuebns=
=09ZR
-----END PGP SIGNATURE-----
--==_Exmh_1335899967_1955P--
