nanog mailing list archives
Re: DNS Attacks
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Mon, 20 Feb 2012 12:57:46 -0500
On Mon, Feb 20, 2012 at 10:38 AM, Tei <oscar.vives () gmail com> wrote:
I am a mere user, so I all this stuff sounds to me like giberish. The right solution is to capture the request to these DNS servers, and send to a custom server with a static message "warning.html". Nothing fancy. With a phone number to "get out of jail", so people can call to "op-out" of this thing, so can browse the internet to search for a solution.
in this case, the fbi/dns-changer case, the information is pretty straightforward for theisp folk... 'client machine makes dns queries not to the isp dns server (or one of several free dns services), but to a known bad set of netblocks' the easy fix is to just stand up (forever, ha!) dns servers on the ip blocks inside the ISP's network, done and done... they can then start notifying the customers via mail/email/carrier-pidgeon that they are infected, along with instructions about how to get un-infected. -chris
Current thread:
- Re: DNS Attacks, (continued)
- Re: DNS Attacks Robert Bonomi (Feb 18)
- Re: DNS Attacks Ken Gilmour (Feb 19)
- Re: DNS Attacks Patrick W. Gilmore (Feb 19)
- Re: DNS Attacks Jeroen Massar (Feb 19)
- Re: DNS Attacks Valdis . Kletnieks (Feb 19)
- Re: DNS Attacks Robert Bonomi (Feb 18)
- Re: DNS Attacks Robert Bonomi (Feb 19)
- Re: DNS Attacks Ken Gilmour (Feb 19)
- Re: DNS Attacks Tei (Feb 20)
- Re: DNS Attacks Valdis . Kletnieks (Feb 20)
- Re: DNS Attacks Christopher Morrow (Feb 20)
- Re: DNS Attacks Christopher Morrow (Feb 20)
- Re: DNS Attacks Joel jaeggli (Feb 20)
- Re: DNS Attacks Christopher Morrow (Feb 21)
- Re: DNS Attacks Jimmy Hess (Feb 21)
- Re: DNS Attacks Valdis . Kletnieks (Feb 21)
- Re: DNS Attacks Henry Linneweh (Feb 21)