North American Network Operators Group


Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking )

  • From: Chris L. Morrow
  • Date: Tue Jul 24 17:56:52 2007

On Tue, 24 Jul 2007, Paul Ferguson wrote:

> -- Christopher Morrow <[email protected]> wrote:
> >I'd love to see CPE dsl/cable-modem providers integrate with a 'service'
> >that lists out 'bad' things. it'd be nice if the user could even tailor
> >that list (just C&C or C&C + child-porn or C&C not older than X
> >days/hours/minutes) ... I think it might even help, and be vendor
> >agnostic (from a provider and hardware) perspective.
> Ironically, that is exactly part of a product announcement that
> we (Trend Micro) are making on 30 July.

neat, if only our marketing folks would see such benefits :( good for
you! :)

> Since this topic arose, I saw Trend mentioned as a possible
> product "culprit" in this scenario, but it isn't. Yet. :-)

not a culprit so much as a way that this sort of dns redirection could
have been done, in a vendor supplied/supported device even.

> The particular service to be announced on Monday (BIS, or Botnet
> Identification Service), is nothing more than a BGP feed of _known_
> and _vetted_ botnet C&Cs as /32s, intended to be a black-hole feed.
> Interested folks should either e-mail me off-list, or just wait for
> the official announcement on 30 July.

note that this will take out vhost systems... unless they are vetted off
the list, which is certainly possible of course.
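
Added example, not part of the original message and not Trend Micro's code: one way a feed operator could vet candidate /32s against DNS observations so that addresses shared with unrelated virtual hosts are held back instead of announced as black-hole routes. The prefixes, hostnames, and the vet_feed helper are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges, made-up hostnames).
CANDIDATE_FEED = ["192.0.2.10/32", "198.51.100.7/32", "203.0.113.0/24"]
# Hypothetical passive-DNS style observations: (hostname, resolved address).
DNS_OBSERVATIONS = [
    ("cc1.example.net", "192.0.2.10"),
    ("cc2.example.net", "198.51.100.7"),
    ("shop.example.org", "198.51.100.7"),
    ("blog.example.com", "198.51.100.7"),
    ("www.example.edu", "203.0.113.5"),
]
KNOWN_CC_NAMES = {"cc1.example.net", "cc2.example.net"}


def vet_feed(candidates, observations, cc_names):
    """Split candidate prefixes into (announce, hold) lists.

    A prefix is held back when it is not a single host (/32) or when
    hostnames other than the known C&C names resolve to the same address,
    i.e. null-routing it would also take out unrelated virtual hosts.
    """
    names_by_ip = defaultdict(set)
    for name, addr in observations:
        names_by_ip[ipaddress.ip_address(addr)].add(name.lower().rstrip("."))

    announce, hold = [], []
    for text in candidates:
        net = ipaddress.ip_network(text, strict=True)
        if net.prefixlen != net.max_prefixlen:
            hold.append((text, "not a host route", []))
            continue
        bystanders = sorted(names_by_ip[net.network_address] - cc_names)
        if bystanders:
            hold.append((text, "shared with other vhosts", bystanders))
        else:
            announce.append(text)
    return announce, hold


if __name__ == "__main__":
    ok, held = vet_feed(CANDIDATE_FEED, DNS_OBSERVATIONS, KNOWN_CC_NAMES)
    print("announce:", ok)
    for prefix, reason, names in held:
        print("hold:", prefix, reason, names)
```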