[AusNOG] Telstra manipulating DNS to block botnets

Roland Chan roland at chan.id.au
Mon Jun 18 21:27:29 EST 2012


Would anyone like to try that with a real unskilled customer and get back
to us with the response?
On Jun 18, 2012 1:24 PM, "Jake Anderson" <yahoo at vapourforge.com> wrote:

> On 18/06/12 12:31, Mark Andrews wrote:
>
>> In message<**60828CFFDBEBA946AC54D9293505E8**4D0149F30DC60B at sssydmail01.*
>> *stratsec.l
>> ocal>, Eric Pinkerton writes:
>>
>>> Let's also not forget, that it's more and more the case today that
>>> people hav
>>> e multiple machines connected to their home router including
>>> smartphones, lap
>>> tops, DVD players, Tablets, Games Consoles, Media Centres etc etc - and
>>> so qu
>>> arantining the entire connection because one of those machines is
>>> infected ca
>>> n be far more disruptive to your customers than it once was.
>>>
>> Which in turn makes it all the more important that the customer is
>> informed of the problem so they can rectify the problem.  All those
>> machines are within the home network so there is potential for
>> elevated levels of trust of the infected machine.
>>
>> Mark
>>
> If it was to work a quarantine system would need to be applied at pretty
> much all ISP's so people don't just churn to somebody who doesn't block.
>
> This is something the Govt could actually do real good with. Some sort of
> Govt lead industry body that identifies infected networks and quarantines
> them. They already do this for infected people and the wider population
> accepts it.
>
> It need not be massively disruptive, the process of placing a host into
> quarantine could be gradual and if the client is on the ball there need be
> no loss of service.
> 5 business days from detection to quarantine say.
> You email them the moment its detected with a warning and put them into
> monitoring.
> 2 days later if its still ongoing another email (or phone call if you have
> a "premium" provider)
> 4 days after detection start redirecting them to clickthroughs that their
> network is going to be shut down tomorrow
> 5 days after detection its walled garden time.
>
> Support costs should be minimal, "you have a virus on your computer, go
> get it fixed then call us back bye -click-"
>
> In terms of contract, drop the customers to line rental rates whilst they
> are infected and pause the duration of the contract (also offer "pauses" to
> the clients so people don't get infected just to take a holiday).
>
> If all ISP's in .au did it I can see some drastic improvements in the
> overall health of "the network" reduced bank fraud and the like, net win
> for society as a whole.
>
> The kiddies would be exposed to far less porn if their computers were
> clean of redirecting viruses than the great firewall will prevent.
> (i know the firewall isn't/wasn't sposed to protect the kiddies eyes but
> thats the way it always sounds in the media)
> ______________________________**_________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/**mailman/listinfo/ausnog<http://lists.ausnog.net/mailman/listinfo/ausnog>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120618/b8a26dfa/attachment.html>


More information about the AusNOG mailing list