[98021] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking

daemon@ATHENA.MIT.EDU (Sean Donelan)
Mon Jul 23 17:09:27 2007

Date: Mon, 23 Jul 2007 16:17:39 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>
cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0707231955550.1179@marvin.argfrp.us.uu.net>
Errors-To: owner-nanog@merit.edu


On Mon, 23 Jul 2007, Chris L. Morrow wrote:
> So, to back this up and get off the original complaint, if a service
> provider can protect a large portion of their customer base with some
> decent intelligence gathering and security policy implementation is that a
> good thing? keeping in mind that in this implementation users who know
> enough and are willing to forgoe that 'protection' (for some value of
> protection) can certainly circumvent/avoid it.

Joe St Sauver covers some of these topics.

http://www.uoregon.edu/~joe/zombies.pdf

Should ISPs attempt to block Bot Command and Control connections (which 
is more general than just IRC C&C Bots), assuming ISPs try to avoid 
"legitimate" servers although mistakes might happen?


home help back first fref pref prev next nref lref last post