[97967] in North American Network Operators' Group


Re: Multiple different ISPs respond to Bots (was RE: DNS Hijacking by

daemon@ATHENA.MIT.EDU (Matthew Sullivan)
Sun Jul 22 23:47:59 2007

Date: Mon, 23 Jul 2007 13:45:57 +1000
From: Matthew Sullivan <matthew@sorbs.net>
In-reply-to: <Pine.GSO.4.64.0707222318310.20509@clifden.donelan.com>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu


Sean Donelan wrote:
>
> On Sun, 22 Jul 2007, Raymond L. Corbin wrote:
>> I agree. They are at least trying to clean up their network. If they are
>> having a lot of problems with zombie bots that DDoS / Spam then this is
>> a good way to stop it, for now. The small group of users can either use
>> other nameservers or something like psybnc to connect if they want to
>> get on IRC.
>
> It doesn't seem to be rogue Cox engineers.  Several major ISPs have 
> all taken action against these particular IRC servers (not! IRC in 
> general).
> They either re-direct the traffic to a cleaning server, or are 
> blackholing the traffic completely.
>
> Yes, it could have been some type of false positive; but when multiple 
> ISPs all start re-acting to something, I think there might be more to 
> the story.  Especially when those ISPs are noted for not responding to 
> incidents.  One ISP, it might be the ISP.  Multiple ISPs, gotta start 
> looking at what has them disturbed.

Legit or not, well that's for each individual, because of the problem of 
Bots I'm happy that they are doing it, when my ISP stops me connecting 
to my IRC server I'll probably not be happy (actually I'd be *very* 
unhappy because I IPSec all traffic with the network it's on, but that's 
another story). 

Cox know they have a problem, they have taken steps which have been 
thought out to correct it.  How many legitimate users use irc.vel.net 
from *.cox.net against how many bots use IRC from *.cox.net ... all a 
matter of numbers and risk.  Not saying it's right or wrong, but am 
saying look at the numbers before making a personal call, and use your 
own server(s) for recursion if you can't accept what they have done to 
*their* DNS servers.  Of course if Cox is blocking DNS traffic from home
users then I can see a reason to complain loudly.

My $0.02...

Regards,

Mat

