[98069] in North American Network Operators' Group
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
daemon@ATHENA.MIT.EDU (Sean Donelan)
Tue Jul 24 14:15:49 2007
Date: Tue, 24 Jul 2007 13:41:48 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: Joe Greco <jgreco@ns.sol.net>
cc: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>,
nanog@merit.edu
In-Reply-To: <200707241559.l6OFxLUY074393@aurora.sol.net>
Errors-To: owner-nanog@merit.edu
On Tue, 24 Jul 2007, Joe Greco wrote:
> So I'm supposed to invent a solution that does WAY MORE than what Cox
> was trying to accomplish, and then you'll listen? Forget that (or
> pay me).
Since it was a false positive, isn't the correct answer to not include
irc.vel.net in the Bot C&C list rather than trying to come up with more
convoluted solutions?
Is it that much different than when a group makes a mistake implementing a
USENET Death Penalty, SPAMHAUS DROP list, Bogon lists, Walled Gardens,
even BCP38++, etc? Anytime you expect ISPs to do more than forward
packets (and right or wrong some vocal groups and politicians think ISPs
should do even more to stop network abuse), there is always a chance
someone or something will make a mistake.
