[169585] in North American Network Operators' Group


Re: Hackers hijack 300,000-plus wireless routers, make malicious

daemon@ATHENA.MIT.EDU (Jimmy Hess)
Tue Mar 4 14:11:02 2014

In-Reply-To: <DC5ED98B905D0B4D9DB6C73C0FF373DA5F0B4FB6@UOS-DUN-MBX2.st-andrews.ac.uk>
From: Jimmy Hess <mysidia@gmail.com>
Date: Tue, 4 Mar 2014 13:10:19 -0600
To: Ian McDonald <iam@st-andrews.ac.uk>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Tue, Mar 4, 2014 at 12:33 PM, Ian McDonald <iam@st-andrews.ac.uk> wrote:

> Until the average user's CPE is only permitted to use the resolvers one
> has provided as the provider (or otherwise decided are OK), this is going
> to be a game of whack-a-mole.


No. That is still just treating symptoms, and not the disease.
This also creates an unacceptable annoyance for the most slightly technical
user who needs to troubleshoot any DNS problems with their domains.

When the ISP's nameservers are blocked, the script kiddies will set up a
tunnel, or configure the DNS client to use a different UDP port number for
DNS resolution, or adjust the router firmware to run tcpdump and
upload session data to/from interesting web destinations, to a hostname
on port 80.

--
-JH
