nanog mailing list archives
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
From: Sean Donelan <sean () donelan com>
Date: Mon, 23 Jul 2007 12:42:22 -0400 (EDT)
On Mon, 23 Jul 2007, Joe Greco wrote:
So how do you connect to the real IRC server, then? Remember that most end users are not nslookup-wielding shell commandos who can figure out whois and look up the IP.
If those users are so technically unsophisticated, do you really expect the other users with infected computers to figure out how to disinfect their computer and remove the Bots instead?
So you have potentially tens of thousands of infected computers with Bots making connections to an IRC server. You know many of those bots are well-known, old bots that have built-in removal commands. But 99% of those users don't have the technical knowledge to clean their machine themselves or know what a Bot is. On the other hand, you have 1% of users are sophisticated enough to use IRC servers. And a few percentage of overlap between the two groups.
What do you do? a. nothingb. terminate tens of thousands of user accounts (of users who are mostly "innocent" except their computer was compromised)
c. block all IRC d. redirect IRC connections to a few servers known to be used by Bots e. something else
Current thread:
- Re: DNS Hijacking by Cox, (continued)
- Re: DNS Hijacking by Cox Steven Haigh (Jul 22)
- RE: DNS Hijacking by Cox Raymond L. Corbin (Jul 22)
- Multiple different ISPs respond to Bots (was RE: DNS Hijacking by Cox) Sean Donelan (Jul 22)
- Re: Multiple different ISPs respond to Bots (was RE: DNS Hijacking by Cox) Matthew Sullivan (Jul 22)
- Re: DNS Hijacking by Cox Joe Greco (Jul 22)
- How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox) Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking by Cox) Leigh Porter (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Valdis . Kletnieks (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Sean Donelan (Jul 23)
- Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking Joe Greco (Jul 23)