[AusNOG] Killing the bots with user help. WAS Re: NBN must avoid becoming 'failed state'

Mark Smith nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Tue Oct 5 19:32:25 EST 2010


On Tue, 5 Oct 2010 01:14:26 +0000
"Dobbins, Roland" <rdobbins at arbor.net> wrote:

> 
> On Oct 5, 2010, at 5:34 AM, Terry Manderson wrote:
> 
> > Is the support component too much of a hit to approach this? ie unable to apportion the costs of this elsewhere?
> 
> 
> Qwest were initially quite worried about both support costs and user reaction - they found that, overall, their support costs *decreased* because of users finding out about their compromised machines and cleaning/re-installing them, and they also found that customers were grateful to understand why their (compromised, unbeknownst to the customer )machines were running slowly and acting weirdly, heh.
> 
> The technology Qwest use can certainly be scaled up or down (it's based upon Squid); I'm not familiar with the architecture of Comcast's offering.
> 

Comcast have been quite "wordy" recently about how they're achieving
these sorts of things, and have submitted some Internet Drafts about
how they're doing them. I haven't read them (and may or may not agree
with how they're donig them), but here are the ones I'm aware of -

DNS Redirect Use by Service Providers
http://tools.ietf.org/html/draft-livingood-dns-redirect-02

Comcast's Protocol-Agnostic Congestion Management System
http://tools.ietf.org/html/draft-livingood-woundy-congestion-mgmt-09

Recommendations for the Remediation of Bots in ISP Networks
http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-09

Comcast's Web Notification System Design
http://tools.ietf.org/html/draft-livingood-web-notification-09

Regards,
Mark.



More information about the AusNOG mailing list