Re: DNS Hijacking by Cox

[Mattias Ahnberg <mattias () ahnberg pp se>]

James Hess wrote:
> I suspect it would be most useful if "detected drones" by most major IRC
> network would be visible to cooperating ISPs for further analysis, not
> just Undernet.

I'd dare to say that most of us major networks hardly see a small
percentage of the big botnets around, the miscreants have since a
long time back learned to use own C&Cs where the connected IPs of
a connected client is hidden from all but themselves.

But it certainly would not hurt if there was a good way to report
drones to ISPs and actually get some attention to the problem. A
bunch of small streams quickly build up to a larger river in the
end, I guess.

Perhaps a larger issue for the ISPs is what to actually DO with
their infected customers. To what extent is the ISP responsible
for what their users do and how their computers are setup? I do
not have a clear answer to that.

Since almost every user is using the web a nice system could be
to redirect reported PCs through a proxy the ISP controls where
the user can get information about what to do about problems and
at the same time still reach the Internet after chosing to click
away the information; or something along those lines.
-- 
/ahnberg.