North American Network Operators Group

Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
> On Mon, 23 Jul 2007, Joe Greco wrote:
> > I think there's a bit of a difference, in that when you're using every
> > commercial WiFi hotspot and hotel login system, that they redirect
> > everything. Would you truly consider that to be the same thing as one
> > of those services redirecting "www.cnn.com" to their own ad-filled news
> > page?
>
> Let's get "real." That's not what those ISPs are doing in this case.

I never said it was, but if you don't want to compare the situations using
reasonable comparisons (redirecting one thing is different than redirecting
all), then I have no interest in debating with you, and you "win" for some
sucky definition of "win."

> They aren't pretending to be the real IRC server (the redirected IRC
> server indicates it's not the real one). The ISP isn't sending ad-fill
> messages. The irc.foonet.com server clearly sends several cleaning
> commands used by several well-known, and very old, Bots. I might have
> given the server a different name, but it's obviously not trying to
> impersonate the real irc server.

So how do you connect to the real IRC server, then? Remember that most
end users are not nslookup-wielding shell commandos who can figure out
whois and look up the IP. And what happens when the ISP redirects by IP
instead, if we're going to play that game?

> Do you prefer ISPs to break everything, including the user's VOIP service
> (can't call 9-1-1), e-mail service (can't contact the help desk), web
> service (can't look for help)? Or should the ISP only disrupt the minimum
> number of services needed to clean the Bot?

All right, here we go. Please explain the nature of the bot on my freshly
installed (last night) FreeBSD 6.2R box.

# ls -ld /; date; uname -r; uname -s
drwxr-xr-x  28 root  wheel  512 Jul 22 23:04 /
Mon Jul 23 10:56:57 CDT 2007
6.2-RELEASE
FreeBSD
# echo "nameserver 68.4.16.30" > /etc/resolv.conf
# host irc.vel.net
irc.vel.net has address 70.168.71.144

Hint: there is no bot.

My traffic is being redirected regardless. Were I a Cox customer (and
I'm not), I'd be rather ticked off. Interfering with services in order
to clean a bot would be a much more plausible excuse if there was a bot.

There is no bot.

So, to reiterate your own point:

> Or should the ISP only disrupt the minimum
> number of services needed to clean the Bot?

Yes, exactly. And that's obviously not what Cox is doing.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.