[AusNOG] Telstra manipulating DNS to block botnets

Roland Chan roland at chan.id.au
Sat Jun 16 12:25:50 EST 2012


The problem with that approach is the potential for a customer to be
permanently stuck in quarantine because they lack the knowledge to clean
their computer.

I don't think that is an acceptable outcome, at least not while they're
paying for service.
On Jun 15, 2012 8:36 PM, "Anand Kumria" <akumria at acm.org> wrote:

> Until, of course, we have client side apps which check the DNSSEC
> trust bits. And then the whole approach is doomed.
>
> It'll happen sooner than you expect (is already happening with SSH for
> example).
>
> I'm with Mark. If you have a customer you suspect of infection, rather
> than allowing them to continue using the Internet - quarantine them.
>
> It'll result in a short-term spike in support calls, but by doing it
> on an exchange by exchange basis initially.
>
> You ought to be able to control the resultant incoming calls.
>
> Anand
>
> On 15 June 2012 11:53, Barrie Hall <barrie at mypond.net> wrote:
> >
> >
> >>
> >> > Managing and ensuring the quality and timeliness of the poisoning
> >> > data is the *big issue* with this technology but we are seeing very
> >> > good results now.
> >> >
> >> > Barrie
> >>
> >> It'd be interesting to know what your customers think of this
> >> "intervention". Do they welcome that their ISP has detected a problem
> >> and wants to help them or is it viewed as an unwelcome impost?
> >>
> >> It's a difficult situation that I don't envy. You're trying to solve a
> >> problem you didn't create, you're trying to do the right thing for
> >> your customers, your network and the general good, but the consumer
> >> probably sees it as an inconvenience and a possible cost.
> >>
> >> I imagine the "messaging" has a lot to do with the consumer
> >> response.
> >>
> >> If I mis-remember, Earthlink used to be pretty pro-active like this
> >> and did a pretty good messaging job in the email space: here's one
> >> example
> >>
> >> http://support.earthlink.net/articles/email/email-blocked-by-earthlink.php
> >>
> >>
> >
> > Mark,
> >
> > My views are my own on this email list so I can't get into what Telstra
> > is and isn't doing. I will say that I am happy to discuss the value of
> > DNS "purity" vs using DNS to solve some nasty problems we face every day.
> >
> > DNS is a valuable "control plane" which allows ISPs to deliver a better
> > service with some tweaking. It is public knowledge that a number of ISPs
> > are using DNS to suppress access to "the worst of the worst" child
> > exploitation material on the Internet. I don't think that there is any
> > doubt that this has been a success.
> >
> > Using DNS to suppress Botnets seems to me to be a "no brainer".
> >
> > Barrie
> >
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> >
>
>
>
> --
> “Don’t be sad because it’s over. Smile because it happened.” – Dr. Seuss