[AusNOG] Telstra manipulating DNS to block botnets

Anand Kumria akumria at acm.org
Fri Jun 15 20:35:30 EST 2012


Until, of course, we have client side apps which check the DNSSEC
trust bits. And then the whole approach is doomed.

It'll happen sooner than you expect (is already happening with SSH for example).

I'm with Mark. If you have a customer you suspect of infection, rather
than allowing them to continue using the Internet - quarantine them.

It'll result in a short-term spike in support calls, but by doing it
on an exchange-by-exchange basis initially, you ought to be able to
control the resultant incoming calls.

Anand

On 15 June 2012 11:53, Barrie Hall <barrie at mypond.net> wrote:
>
>
>>
>> > Managing and ensuring the quality and timeliness of the poisoning data
>> > is the *big issue* with this technology but we are seeing very good
>> > results now.
>> >
>> > Barrie
>>
>> It'd be interesting to know what your customers think of this
>> "intervention". Do they welcome that their ISP has detected a problem
>> and wants to help them or is it viewed as an unwelcome impost?
>>
>> It's a difficult situation that I don't envy. You're trying to solve a
>> problem you didn't create, you're trying to do the right thing for
>> your customers, your network and the general good, but the consumer
>> probably sees it as an inconvenience and a possible cost.
>>
>> I imagine the "messaging" has a lot to do with the consumer
>> response.
>>
>> If I mis-remember, Earthlink used to be pretty pro-active like this
>> and did a pretty good messaging job in the email space: here's one
>> example
>> http://support.earthlink.net/articles/email/email-blocked-by-earthlink.php
>>
>>
>
> Mark,
>
> My views are my own on this email list so I can't get into what Telstra is
> and isn't doing. I will say that I am happy to discuss the value of DNS
> "purity" vs using DNS to solve some nasty problems we face every day.
>
> DNS is a valuable "control plane" which allows ISPs to deliver a better
> service with some tweaking. It is public knowledge that a number of ISPs
> are using DNS to suppress access to "the worst of the worst" child
> exploitation material on the Internet. I don't think that there is any doubt
> that this has been a success.
>
> Using DNS to suppress Botnets seems to me to be a "no brainer".
>
> Barrie



-- 
“Don’t be sad because it’s over. Smile because it happened.” – Dr. Seuss


