[97966] in North American Network Operators' Group
Multiple different ISPs respond to Bots (was RE: DNS Hijacking by
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sun Jul 22 23:25:26 2007
Date: Sun, 22 Jul 2007 23:24:20 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <9173D4AE142BB6449EFE552FC33747F8B3F7@hmsexch.corp.safesecureweb.com>
Errors-To: owner-nanog@merit.edu
On Sun, 22 Jul 2007, Raymond L. Corbin wrote:
> I agree. They are at least trying to clean up their network. If they are
> having a lot of problems with zombie bots that DDoS / Spam then this is
> a good way to stop it, for now. The small group of users can either use
> other nameservers or something like psybnc to connect if they want to
> get on IRC.
It doesn't seem to be rogue Cox engineers. Several major ISPs have all
taken action against these particular IRC servers (not! IRC in general).
They either re-direct the traffic to a cleaning server, or are blackholing
the traffic completely.
Yes, it could have been some type of false positive; but when multiple
ISPs all start re-acting to something, I think there might be more to the
story. Especially when those ISPs are noted for not responding to
incidents. One ISP, it might be the ISP. Multiple ISPs, gotta start
looking at what has them disturbed.
Its hard to wake those dragons.
