[98007] in North American Network Operators' Group
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Jul 23 14:43:49 2007
To: Sean Donelan <sean@donelan.com>
Cc: Joe Greco <jgreco@ns.sol.net>, nanog@merit.edu
In-Reply-To: Your message of "Mon, 23 Jul 2007 12:42:22 EDT."
<Pine.GSO.4.64.0707231226580.21903@clifden.donelan.com>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 23 Jul 2007 14:01:29 -0400
Errors-To: owner-nanog@merit.edu
--==_Exmh_1185213689_3395P
Content-Type: text/plain; charset=us-ascii
On Mon, 23 Jul 2007 12:42:22 EDT, Sean Donelan said:
> b. terminate tens of thousands of user accounts (of users who are mostly
> "innocent" except their computer was compromised)
Given how often compromised computers have *multiple* installs of badware on
them, just cleaning off *one* bot that happens to be old enough to respond to
their cleaning script is not magically making their system actually safe.
There's probably *other* stuff on the box as well.
So just waving a mostly-ineffective magic wand at *part* of the problem isn't
doing anybody any favors. Maybe you *should* be doing something drastic enough
to make the user sit up and take notice and *do* something...
(Disclaimer - I can get away with doing that, as "user bails for another
provider and takes his revenue with them instead of fixing the problem" isn't
an issue for my revenue stream. YMMV. :)
--==_Exmh_1185213689_3395P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFGpOz5cC3lWbTT17ARAv89AKDc68be5hvyP5hUMa0Ng2y21j1z1QCgor5O
MEXerUqLueiIoXmo1MyH/j4=
=RABf
-----END PGP SIGNATURE-----
--==_Exmh_1185213689_3395P--
