[AusNOG] Telstra manipulating DNS to block botnets

Jake Anderson yahoo at vapourforge.com
Thu Jun 14 18:24:00 EST 2012


Mucking with DNS sets a bad precedent.
Many of the arguments against DNS-based block lists (Great Firewall of 
Conroy) were based on DNS blocking slowing things down etc.

I think law changes or AUP changes allowing or perhaps mandating that 
infected computers be "quarantined" would be a much better root-cause fix.

You don't need to be a jerk about it: emails, click-through warnings, 
and eventually quarantine over the course of a month would suffice.
From the POV of the service provider it makes sense to me: botnet 
traffic costs everybody money, the customer and the carrier, and detecting 
it wouldn't be too arduous.
You don't need deep packet inspection on every packet traversing your 
network. A few heuristics to identify candidates (spikes in traffic etc.), 
a little packet capture and monitoring of those for suspicious traffic. 
Pretty much the same as the banks with CC fraud.

I suppose it might scare people about the privacy implications though.

On 14/06/12 16:54, Martin - StudioCoast wrote:
> http://www.computerworld.com.au/article/427613/telstra_trial_detects_5_4_per_cent_botnet_infection_rate/ 
>
> Surely contacting the domain registrars to get these domains taken 
> down is a better approach than altering dns records at the ISP end.
> I guess this leads to a question to all network operators of 
> Australian ISPs, do you modify DNS records in your cache and if so 
> what for?
