North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking )
On Tue, 24 Jul 2007, Paul Ferguson wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - -- Christopher Morrow <[email protected]> wrote: > > >I'd love to see CPE dsl/cable-modem providers integrate with a 'service' > >that lists out 'bad' things. it'd be nice if the user could even tailor > >that list (just C&C or C&C + child-porn or C&C older not than X > >days/hours/minutes) ... I think it might even help, and be vendor > >>agnostic (from a provide and hardware) perspective. > > Ironically, that is exactly part of a product announcement that > we (Trend Micro) are making on 30 July. neat, if only our marketting folks would see such benefits :( good for you! :) > > Since this topic arose, I saw Trend mentioned as a possible > product "culprit" in this scenario, but it isn't. Yet. :-) not a culprit so much as a way that this sort of dns redirection could have been done, in a vendor supplied/supported device even. > > The particular service to be announced on Monday (BIS, or Botnet > Identification Service), is nothing more than a BGP feed of _known_ > and _vetted_ botnet C&Cs as /32s, intended to be a black-hole feed. > > Interested folks should either e-mail me off-list, or just wait for > the official announcement on 30 July. > note that this will take out vhost systems... unless they are vetted off the list, which is certainly possible of course.