|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: DNS Hijacking by Cox
> No amount of IRC redirection is going to remove bots and fix their > compromised computers. > > ... JG Let's not confuse two different forms of IRC redirection, one which I think is perfectly okay and one which is definitely not okay. In the first type, the redirection is an immediate response to a threat that is not completely understood. Clients that connect to the target of the redirect are studied. Legitimate clients are separated from compromised ones as quickly as practically possible. Legitimate clients are given a message, if possible, that the service they are trying to use is temporarily unavailable due to a current threat. If there is some other way they can access the service (for example, direct entry of the IP), they are informed of that. Compromised clients are tracked and, where possible, notified. The current level of the threat is tracked, and when it is sufficiently minimal, the redirect is removed. This model is perfectly reasonable as a response to all kinds of threats. This includes cases where a traffic has to be blocked or redirected due to a new attack. The second form is the one that causes a problem. In this case, no attempt is made to study or understand the threat once a way to block it is found. Collateral damage is ignored, no effort is made to minimize inconvenience to legitimate users. No effort is made to notify compromised users. The filter or redirect is left in place indefinitely, until and unless a large number of complaints is received. The threat is not even monitored. The filter/redirect is considered a permanent solution. While it may officially be regarded as temporary, it is effectively left there and forgotten. Now these are two very different approaches to a threat. However, they both can involve hijacking, filtering, or redirection. I used to work as a consultant, helping companies negotiate contracts with ISPs. One thing I always did was make it clear that the first type of response was perfectly permissible, even if it harmed us, but the second was not, even if it did not harm us. DS
|