North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
On Mon, 23 Jul 2007, Joe Greco wrote:
Would it be better if ISPs just blackholed certain IP addresses associated with Bot C&C servers instead of trying to give the user a message. That doesn't require examining the data content of any messages. The user just gets a connection timeout.
That's what Verizon was doing. Guess what. People complained about it too.
Interestingly enough, some of us care. Some of us care enough to run clean networks AND to make sure that what we're selling isn't compromised by deliberate DNS hijackings and site redirections.
But do include things like patching servers to filter messages that contain certain strings which might accidently catch a legitimate message on occasion. People probably complain about those things too.
It sucks when you are the one that gets caught by a false positive. Unfortunately, every attempt at anti-abuse systems have experienced it
at one time or another. Probably even some of the things you've done
over the years trying to run a clean network has accidently made a mistake.