[98015] in North American Network Operators' Group
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
daemon@ATHENA.MIT.EDU (Joe Greco)
Mon Jul 23 16:30:05 2007
From: Joe Greco <jgreco@ns.sol.net>
To: sean@donelan.com (Sean Donelan)
Date: Mon, 23 Jul 2007 14:56:15 -0500 (CDT)
Cc: ops.lists@gmail.com (Suresh Ramasubramanian), nanog@merit.edu
In-Reply-To: <Pine.GSO.4.64.0707231209530.21903@clifden.donelan.com> from "Sean Donelan" at Jul 23, 2007 12:26:44 PM
Errors-To: owner-nanog@merit.edu
> On Mon, 23 Jul 2007, Suresh Ramasubramanian wrote:
> >> What should be the official IETF recognized method for network operators
> >> to asynchronously communicate with users/hosts connected to the network for
> >> various reasons, getting those machines cleaned up?
> >
> > Most large carriers that are also MAAWG members seem to be pushing
> > walled gardens for this purpose.
>
> Walled gardens also block access to external IRC servers.
However, that would seem to be expected.
> On a network protocol level, walled gardens also contain things like fake
> DNS servers (what about DNSsec), fake http servers, fake (or forced) NAT
> re-writing IP addresses, access control lists and lots of stuff trying to
> respond to the user's traffic with alerts from the ISP.
>
> Although there seems to be a contingent of folks who believe ISPs should
> never block or redirect any Internet traffic for any reason, the reality
> is that stepping into the middle of the user's traffic is sometimes the only
> practical way for ISPs to reach some Internet users with infected
> computers.
Then they should do that ... FOR the users with infected computers ...
and not break DNS for other legitimate sites.
> But, like other attempts to respond to network abuse (e.g. various
> block lists), sometimes there are false positives and mistakes. When
> it happens, you tweak the filters and undo the wrong block. Demanding
> zero chance of error before ISPs do anything just means ISPs won't do
> anything.
"Think before act."
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.