North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DNS Hijacking by Cox

  • From: Joe Greco
  • Date: Mon Jul 23 12:44:11 2007

> On Mon, 23 Jul 2007, Joe Greco wrote:
> > And, incidentally, I do consider this a false positive.  If any average
> > person might be tripped up by it, and we certainly have a lot of average
> > users on IRC, then it's bad.  So, the answer is, "at least one false
> > positive."
> The only way any human activity will NEVER have a single false positive, 
> i.e. mistake, is by never doing anything.
> Do people really want ISPs not to do anything?

I'd prefer that ISP's tends towards taking no action when taking action
has a strong probability of backfiring.

For example, even if you had no clue that it was a legitimate EFNet IRC
server, is trivially Googleable and you can determine that it
will therefore be used by various real users.  Redirecting this would be
a bad thing.

On the flip side, redirecting, because you found it in some
bot's connection directory, when Googled, indicates that there are no
matched documents.  While this isn't conclusive proof that it won't break
somebody, it is relatively much less likely to be a customer affecting
issue.  Since the domain is relatively new, it would be a lot more
suspicious.  You could even try connecting to it (if it existed) to see
what the deal was.

I would still be irate if someone owned a portion of my namespace in that 
manner, but as a relative comparison, I could see a much better case for 

... JG
Joe Greco - Network Services - Milwaukee, WI -
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.