[169579] in North American Network Operators' Group


Re: Hackers hijack 300,000-plus wireless routers,

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Mar 4 09:55:44 2014

To: jim deleskie <deleskie@gmail.com>
In-Reply-To: Your message of "Tue, 04 Mar 2014 09:28:01 -0400."
 <CAJL_ZMNB0HmZn94t_SzcZrXUyLo-ZUxJN36w0m6XE7N_Gy8zyA@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 04 Mar 2014 09:54:12 -0500
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Tue, 04 Mar 2014 09:28:01 -0400, jim deleskie said:
> Why want to swing such a big hammer? Even blocking those 2 IPs will
> isolate your users, and fill your support queues.
>
> Set up a DNS server locally to reply to those IPs. Your customers stay up
> and running and blissfully unaware.
>
> Log the IPs hitting your DNS servers on those IPs and have your support
> reach out to them in a controlled way, or reply to any request via DNS
> with an internal host that has a web page explaining what is broken and how
> they can fix it, avoiding at least some of the calls to your helpdesk.

Two words: "DNS Changer".  What did we learn from that?
