[169582] in North American Network Operators' Group
Re: Hackers hijack 300,000-plus wireless routers, make malicious
daemon@ATHENA.MIT.EDU (Octavio Alvarez)
Tue Mar 4 13:06:38 2014
Date: Tue, 04 Mar 2014 10:06:13 -0800
From: Octavio Alvarez <alvarezp@alvarezp.ods.org>
To: jim deleskie <deleskie@gmail.com>, Andrew Latham <lathama@gmail.com>
In-Reply-To: <CAJL_ZMNB0HmZn94t_SzcZrXUyLo-ZUxJN36w0m6XE7N_Gy8zyA@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 03/04/2014 05:28 AM, jim deleskie wrote:
> Why want to swing such a big hammer? Even blocking those 2 IPs will
> isolate your users, and fill your support queues.

When the malicious DNS services get shut down you will still have your
support queues filled, anyway.

Doing it now will let you identify those affected. Blockage doesn't have
to be all-or-nothing. It can be incremental, selective or all-or-nothing
on some time windows.

Better now than later.