nanog mailing list archives
Re: DNS Hijacking by Cox
From: Joe Greco <jgreco () ns sol net>
Date: Mon, 23 Jul 2007 10:37:55 -0500 (CDT)
On Mon, 23 Jul 2007, Joe Greco wrote:And, incidentally, I do consider this a false positive. If any average person might be tripped up by it, and we certainly have a lot of average users on IRC, then it's bad. So, the answer is, "at least one false positive."The only way any human activity will NEVER have a single false positive, i.e. mistake, is by never doing anything. Do people really want ISPs not to do anything?
I'd prefer that ISP's tends towards taking no action when taking action has a strong probability of backfiring. For example, even if you had no clue that it was a legitimate EFNet IRC server, irc.vel.net is trivially Googleable and you can determine that it will therefore be used by various real users. Redirecting this would be a bad thing. On the flip side, redirecting irc.jgreco.net, because you found it in some bot's connection directory, when Googled, indicates that there are no matched documents. While this isn't conclusive proof that it won't break somebody, it is relatively much less likely to be a customer affecting issue. Since the domain is relatively new, it would be a lot more suspicious. You could even try connecting to it (if it existed) to see what the deal was. I would still be irate if someone owned a portion of my namespace in that manner, but as a relative comparison, I could see a much better case for it. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Current thread:
- Re: Port 587 vs. 25 [was: DNS Hijacking by Cox], (continued)
- Re: Port 587 vs. 25 [was: DNS Hijacking by Cox] Mikael Abrahamsson (Jul 23)
- Re: Port 587 vs. 25 [was: DNS Hijacking by Cox] Jeroen Wunnink (Jul 23)
- Re: Port 587 vs. 25 Florian Weimer (Jul 23)
- Re: DNS Hijacking by Cox Stephen Wilcox (Jul 22)
- Re: DNS Hijacking by Cox Niels Bakker (Jul 22)
- Re: DNS Hijacking by Cox David Conrad (Jul 23)
- Re: DNS Hijacking by Cox Joe Greco (Jul 23)
- Re: DNS Hijacking by Cox Sean Donelan (Jul 23)
- Re: DNS Hijacking by Cox Joe Greco (Jul 23)
- Re: DNS Hijacking by Cox Sean Donelan (Jul 23)
- Re: DNS Hijacking by Cox Joe Greco (Jul 23)
- Re: DNS Hijacking by Cox Sean Donelan (Jul 23)
- Re: DNS Hijacking by Cox Andrew Matthews (Jul 23)
- Re: DNS Hijacking by Cox Steven Haigh (Jul 23)
- Re: DNS Hijacking by Cox Joe Greco (Jul 23)
- Re: DNS Hijacking by Cox Chris L. Morrow (Jul 24)
- Re: DNS Hijacking by Cox Niels Bakker (Jul 22)
- Re: DNS Hijacking by Cox Sean Donelan (Jul 23)
- Re: DNS Hijacking by Cox Valdis . Kletnieks (Jul 23)
- Re: DNS Hijacking by Cox David W. Hankins (Jul 23)
- Re: DNS Hijacking by Cox Joe Greco (Jul 23)
- RE: DNS Hijacking by Cox Raymond L. Corbin (Jul 23)