[169581] in North American Network Operators' Group


Re: Hackers hijack 300,000-plus wireless routers, make malicious

daemon@ATHENA.MIT.EDU (Jay Ashworth)
Tue Mar 4 12:41:55 2014

Date: Tue, 4 Mar 2014 12:41:19 -0500 (EST)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <CAJL_ZMNB0HmZn94t_SzcZrXUyLo-ZUxJN36w0m6XE7N_Gy8zyA@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

----- Original Message -----
> From: "jim deleskie" <deleskie@gmail.com>

> Why swing such a big hammer? Even blocking those 2 IPs will
> isolate your users, and fill your support queues.
> 
> Set up a DNS server locally to reply to those IPs. Your customers stay up
> and running and blissfully unaware.
> 
> Log the IPs hitting your DNS servers on those IPs and have your support
> reach out to them in a controlled way, or reply to any request via DNS
> with an internal host that has a web page explaining what is broken
> and how they can fix it, avoiding at least some of the calls to your helpdesk.

Jim's right, of course.  In my defense, it *was* 9 am, and I hadn't had
any caffeine yet.  ;-}

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
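
The logging step from the quoted suggestion, as an added example that is not part of the original thread: it reads query-log lines from a locally run DNS server and lists the subscriber addresses still sending queries to the hijacked resolver IPs, so support can contact them. The log format, the function name and both resolver addresses (documentation-range placeholders, since the thread does not give the real ones) are assumptions.

```python
"""Added example: list subscribers still querying sinkholed resolver addresses."""
import re
from collections import defaultdict
from datetime import datetime

# Placeholders (documentation ranges) for the two rogue resolver addresses;
# the thread does not list the real ones.
SINKHOLED = {"192.0.2.53", "198.51.100.53"}

# Constructed log lines in a hypothetical format:
# <ISO timestamp> client=<src ip> dst=<resolver ip> qname=<name> qtype=<type>
SAMPLE_LOG = """\
2014-03-04T09:00:01 client=203.0.113.10 dst=192.0.2.53 qname=example.com. qtype=A
2014-03-04T09:00:05 client=203.0.113.10 dst=198.51.100.53 qname=example.net. qtype=A
2014-03-04T09:01:12 client=203.0.113.77 dst=203.0.113.1 qname=example.org. qtype=AAAA
2014-03-04T09:02:40 client=203.0.113.42 dst=192.0.2.53 qname=example.com. qtype=A
2014-03-04T09:07:19 client=203.0.113.10 dst=192.0.2.53 qname=example.org. qtype=A
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) dst=(?P<dst>\S+) "
    r"qname=(?P<qname>\S+) qtype=(?P<qtype>\S+)$"
)

def affected_clients(log_text, sinkholed=SINKHOLED):
    """Return {client_ip: {"queries", "first_seen", "last_seen"}} for clients
    whose queries were addressed to a sinkholed resolver IP."""
    seen = defaultdict(lambda: {"queries": 0, "first_seen": None, "last_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dst"] not in sinkholed:
            continue  # malformed line, or a query to the legitimate resolver
        ts = datetime.fromisoformat(m["ts"])
        rec = seen[m["client"]]
        rec["queries"] += 1
        rec["first_seen"] = ts if rec["first_seen"] is None else min(rec["first_seen"], ts)
        rec["last_seen"] = ts if rec["last_seen"] is None else max(rec["last_seen"], ts)
    return dict(seen)

if __name__ == "__main__":
    # Busiest clients first, so support can prioritise outreach.
    for ip, rec in sorted(affected_clients(SAMPLE_LOG).items(),
                          key=lambda kv: -kv[1]["queries"]):
        print(ip, rec["queries"], rec["first_seen"], rec["last_seen"])
```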

