North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: How should ISPs notify customers about Bots (Was Re: DNS Hijacking

  • From: David Schwartz
  • Date: Tue Jul 24 20:05:18 2007

> On Mon, 23 Jul 2007, Joe Greco wrote:

> > Intercept and inspect IRC packets.  If they join a botnet
> > channel, turn on
> > a flag in the user's account.  Place them in a garden (no IRC,
> > no nothing,
> > except McAfee or your favorite AV/patch set).

> Wow, you are recommending ISPs wiretap their subscribers.
> I suspect some privacy advocates will be upset with ISPs doing that.

Suppose I add a firewall rule to my router to block traffic to a particular
port. Does my router thereby "wiretap" every packet passing through it
because it needs to find out its destination port in order to determine if
the rule applies or not?

It is sometimes a tricky issue when you filter through legitimate traffic to
stop illegitimate traffic. But a rule that this is always wiretapping of
anything subjected to the automated inspection leads to ridiculous results.