[169584] in North American Network Operators' Group
Re: Hackers hijack 300, 000-plus wireless routers, make malicious
daemon@ATHENA.MIT.EDU (Brandon Galbraith)
Tue Mar 4 13:48:36 2014
In-Reply-To: <DC5ED98B905D0B4D9DB6C73C0FF373DA5F0B4FB6@UOS-DUN-MBX2.st-andrews.ac.uk>
Date: Tue, 4 Mar 2014 12:48:09 -0600
From: Brandon Galbraith <brandon.galbraith@gmail.com>
To: Ian McDonald <iam@st-andrews.ac.uk>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, Mar 4, 2014 at 12:33 PM, Ian McDonald <iam@st-andrews.ac.uk> wrote:
> Until the average user's cpe is only permitted to use the resolvers one h=
as provided as the provider (or otherwise decided are OK), this is going to=
be a game of whackamole. So long as there's an 'I have a clue' opt out, it=
appears to be the way forward to resolve this issue. Shutting down one set=
of 'bad resolvers' will simply cause a new set to be spawned, and a reinfe=
ction run round the still-unpatched cpe's of the world.
+1. Local network resolvers/trusted providers (Google 8.8., OpenDNS),
"Clue Opt Out" switch available if needed.
