[98089] in North American Network Operators' Group
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
daemon@ATHENA.MIT.EDU (Chris L. Morrow)
Tue Jul 24 18:12:24 2007
Date: Tue, 24 Jul 2007 21:19:05 +0000 (GMT)
From: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>
In-reply-to: <200707241559.l6OFxLUY074393@aurora.sol.net>
To: Joe Greco <jgreco@ns.sol.net>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Tue, 24 Jul 2007, Joe Greco wrote:
> > On Mon, 23 Jul 2007, Joe Greco wrote:
> > > > > Yes, when there are better solutions to the problem at hand.
> > > >
> > > > Please enlighten me.
> > >
> > > Intercept and inspect IRC packets. If they join a botnet channel, turn on
> > > a flag in the user's account. Place them in a garden (no IRC, no nothing,
> > > except McAfee or your favorite AV/patch set).
> >
> > Pleaes do this at 1Gbps, really 2Gbps today and 20gbps shortly, in a cost
> > effective manner.
>
> Mmmmm... okay. Would you like solution #1 or solution #2? (You can pay
> for solutions above and beyond that)
>
I tried to be nice and non-sarcastic. I outlined requirements from a real
network security professional on a large transit IP network. You
completely glossed over most of it and assumed a host of things that
weren't in the requirements. I'm sorry that i didn't get my point across
to you, please have a nice day.
-Chris
