Re: DNS Hijacking by Cox

• From: Andrew Matthews
• Date: Mon Jul 23 13:34:42 2007

• Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=oq4OXAMoIAVXb73l8b7y1bUseaeunFh8v7YOSczkZMf+0Q4Fjh+tBXCypX2EXDUqOSrj5kNVvtIGVXPrkiHB8suDXL2dENNfkhbsd8VzTmg/s7mrGIJsB5fugI8G7JkBFf4oVsXakC8I2Urc7wELiYXrF3/KZWiwbBqiPiP8obI=
• Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=d8+mUZGln/faGVuEaA9Dz4x0SeFe7fqox/GVrXOLYbjpcXA5n+9vq2OegdkDqeHffTm1MQlVTo2EmNLkMD9LSpm5DKL2ppcoUG32s2iBdTzPOlRLAbK7Uy/el02JmTUKu82e5K6dxdkjv6n4PBDrUhLxrlXTR2tTuVCCrDEpF54=

On Mon, 23 Jul 2007, Joe Greco wrote:
> I'd prefer that ISP's tends towards taking no action when taking action
> has a strong probability of backfiring.

Everything has a chance of backfiring. So ISPs should take no action.

Please let me know how your next DDOS attack lasts.

We on EFnet take drones very seriously and do a very good job of
cleaning them. I'd say we are probably one of the larger cleanest irc
networks. 99% of ddos come from hacked drones running on C&C servers
that are not large networks. They run their on ircd or use a tiny
network where they will be unnoticed. I also run 2 undernet servers
that have a much higher drone count. I don't see my servers over there
hijacked.

• References:
  • Re: DNS Hijacking by Cox Joe Greco
  • Re: DNS Hijacking by Cox Sean Donelan

• Prev by Date: Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox)
• Next by Date: Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
• Date Index
• Thread Index
• Author Index
• Historical