[97986] in North American Network Operators' Group
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
daemon@ATHENA.MIT.EDU (Leigh Porter)
Mon Jul 23 11:19:09 2007
Date: Mon, 23 Jul 2007 16:04:58 +0100
From: Leigh Porter <leigh.porter@ukbroadband.com>
To: Sean Donelan <sean@donelan.com>
CC: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.64.0707231036210.21508@clifden.donelan.com>
Errors-To: owner-nanog@merit.edu
Hiya,
Plenty of boxes can do redirection in the middle such as Redback,
Ellacoya etc.
We redirect customers who are infected to a web page when the first
connect. Then every few hours they get re-directed again, just enough so
it's a bit annoying.
If they ignore this for a few weeks, they get redirected more frequently :)
--
Leigh
Sean Donelan wrote:
>
> On Sun, 22 Jul 2007, Joe Greco wrote:
>> We can break a lot of things in the name of "saving the Internet." That
>> does not make it wise to do so.
>
> Since the last time the subject of ISPs taking action and doing
> something about Bots, a lot of people came up with many ideas
> involving the ISP answering DNS queries with the addresses of ISP
> cleaning servers.
>
> Just about every commercial WiFi hotspot and hotel login system uses a
> fake DNS server to redirect users to its login pages. Many
> universities use a fake DNS server to redirect student computers to
> cleaning sites.
>
> What should be the official IETF recognized method for network
> operators to asynchronously communicate with users/hosts connect to
> the network for
> various reasons getting those machines cleaned up?
>
> As far as I know, PPPOE is the only network access protocol that
> includes the feature of redirecting a host to a network operator's
> system; but Microsoft has decided not to implement it.
