North American Network Operators Group


Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking

  • From: Chris L. Morrow
  • Date: Mon Jul 23 14:10:11 2007


On Mon, 23 Jul 2007, Joe Greco wrote:

>
> > On Sun, 22 Jul 2007, Joe Greco wrote:
> > > We can break a lot of things in the name of "saving the Internet."  That
> > > does not make it wise to do so.
> >
> > Since the last time the subject of ISPs taking action and doing something
> > about Bots, a lot of people came up with many ideas involving the ISP
> > answering DNS queries with the addresses of ISP cleaning servers.
> >
> > Just about every commercial WiFi hotspot and hotel login system uses a
> > fake DNS server to redirect users to its login pages.
>
> I think there's a bit of a difference, in that when you're using every
> commercial WiFi hotspot and hotel login system, that they redirect
> everything.  Would you truly consider that to be the same thing as one
> of those services redirecting "www.cnn.com" to their own ad-filled news
> page?

That's only on initial login, prior to login I suppose. I'm fairly certain
their servers could return other 'invalid' responses after login if they
wanted, they might even see some revenue savings by redirecting a list of
'known bad things' off to 127.0.0.1 (for instance, pick your preferred
place).

> However, if I were to go to a hotel, and they intercept random (to me)
> web sites, I'd consider that a very bad thing.

What if it was things you didn't use, didn't know about and were there for
some measure of your protection? (or your grandmother's protection even)

>
> > Many universities
> > use a fake DNS server to redirect student computers to cleaning sites.
>
> I'm not sure I entirely approve of that, either, but at least it is more
> like the hotel login scenario than the hotel random site redirection
> scenario.

The problem is that there is very little difference... and it's very
'easy' to say (as a provider) "hey, I can help my customers, and the
Intertubes as a whole..."  (btw, how's this all different than opendns?)

One of the highlights of this discussion is that people get upset when you
mess with 'basic plumbing' in a non-obvious manner. I suppose if you KNOW
that it's happening (change your resolv.conf to opendns servers) that's
one thing, though do you know or can you config opendns to NOT redirect
(example) irc.vel.net but DO irc.badguy.net? Messing with DNS brings with
it consequences, some good ones and some bad ones...
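
The per-name question raised in the message above (redirect irc.badguy.net but leave irc.vel.net alone), sketched as a resolver-side policy check. This is an added example, not part of the original post and not OpenDNS's configuration; the policy sets, the function names and the most-specific-match rule are assumptions.

```python
"""Per-name DNS redirect policy: sinkhole listed names, pass everything else."""

SINKHOLE = "127.0.0.1"  # the redirect target mentioned in the thread

# Constructed sample policy. The names come from the thread; the entries
# themselves are assumptions made for this example.
REDIRECT = {"irc.badguy.net", "badguy.net"}
EXEMPT = {"irc.vel.net"}


def normalize(qname):
    """Lower-case the query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def suffixes(qname):
    """Yield the name and each parent domain, most specific first."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def decide(qname, redirect=REDIRECT, exempt=EXEMPT):
    """Return ("redirect", SINKHOLE) or ("pass", None) for a query name.

    The most specific matching entry wins, so an exemption for one host
    survives a redirect on its parent zone. Matching is on whole labels:
    "notbadguy.net" does not match "badguy.net".
    """
    for candidate in suffixes(qname):
        if candidate in exempt:
            return ("pass", None)
        if candidate in redirect:
            return ("redirect", SINKHOLE)
    return ("pass", None)


if __name__ == "__main__":
    # Constructed sample queries.
    for name in ("irc.vel.net", "IRC.BadGuy.net.", "x.badguy.net",
                 "notbadguy.net", "www.cnn.com"):
        print(f"{name:18} -> {decide(name)}")
```

Anything not on the redirect list, including www.cnn.com, resolves normally, which is the distinction the thread draws between a targeted list and redirecting everything.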