North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DNS Hijacking by Cox

  • From: Peter Dambier
  • Date: Tue Jul 24 18:08:02 2007

The problem is, you dont know what is behind that probably NATted ip address. Probably you have 3 unix machines running smtp and uucp and a single infected windows box and maybe some VoIPs and ...

You kill everything but that single maudit infected windows.

The guy who is running the windows box is Dad and he wont come
home before the weekend.

Oh, you killed the VoIP. Sorry I cannot fone Dad and tell him
his pc is infected.

You might as well hit a small business with some 50 workstations. Again you hit their VoIP and maybe their VPN so their outsourced system manager cannot dial in and try to repair things.

Maybe it would teach them not to get infected but I would not want to be their ISP.

Of course we are "only" talking about IRC but which botherder
is depending on IRC only?

Kind regards Peter and Karin

Mattias Ahnberg wrote:
James Hess wrote:

I suspect it would be most useful if "detected drones" by most major IRC
network would be visible to cooperating ISPs for further analysis, not
just Undernet.

I'd dare to say that most of us major networks hardly see a small
percentage of the big botnets around, the miscreants have since a
long time back learned to use own C&Cs where the connected IPs of
a connected client is hidden from all but themselves.

But it certainly would not hurt if there was a good way to report
drones to ISPs and actually get some attention to the problem. A
bunch of small streams quickly build up to a larger river in the
end, I guess.

Perhaps a larger issue for the ISPs is what to actually DO with
their infected customers. To what extent is the ISP responsible
for what their users do and how their computers are setup? I do
not have a clear answer to that.

Since almost every user is using the web a nice system could be
to redirect reported PCs through a proxy the ISP controls where
the user can get information about what to do about problems and
at the same time still reach the Internet after chosing to click
away the information; or something along those lines.

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP:
mail: [email protected]
mail: [email protected]