[AusNOG] Telstra manipulating DNS to block botnets

Jake Anderson yahoo at vapourforge.com
Mon Jun 18 13:23:59 EST 2012


On 18/06/12 12:31, Mark Andrews wrote:
> In message <60828CFFDBEBA946AC54D9293505E84D0149F30DC60B at sssydmail01.stratsec.local>,
> Eric Pinkerton writes:
>> Let's also not forget, that it's more and more the case today that people have
>> multiple machines connected to their home router including smartphones, laptops,
>> DVD players, Tablets, Games Consoles, Media Centres etc etc - and so quarantining
>> the entire connection because one of those machines is infected can
>> be far more disruptive to your customers than it once was.
> Which in turn makes it all the more important that the customer is
> informed of the problem so they can rectify the problem.  All those
> machines are within the home network so there is potential for
> elevated levels of trust of the infected machine.
>
> Mark
If it was to work, a quarantine system would need to be applied at pretty
much all ISPs so people don't just churn to somebody who doesn't block.

This is something the Govt could actually do real good with. Some sort 
of Govt-led industry body that identifies infected networks and
quarantines them. They already do this for infected people and the wider 
population accepts it.

It need not be massively disruptive, the process of placing a host into 
quarantine could be gradual and if the client is on the ball there need 
be no loss of service.
5 business days from detection to quarantine say.
You email them the moment it's detected with a warning and put them into
monitoring.
2 days later if it's still ongoing another email (or phone call if you
have a "premium" provider)
4 days after detection start redirecting them to clickthroughs that
their network is going to be shut down tomorrow
5 days after detection it's walled garden time.

Support costs should be minimal, "you have a virus on your computer, go 
get it fixed then call us back bye -click-"

In terms of contract, drop the customers to line rental rates whilst 
they are infected and pause the duration of the contract (also offer 
"pauses" to the clients so people don't get infected just to take a 
holiday).

If all ISPs in .au did it I can see some drastic improvements in the
overall health of "the network" reduced bank fraud and the like, net win 
for society as a whole.

The kiddies would be exposed to far less porn if their computers were 
clean of redirecting viruses than the great firewall will prevent.
(I know the firewall isn't/wasn't supposed to protect the kiddies' eyes but
that's the way it always sounds in the media)


