[AusNOG] Telstra manipulating DNS to block botnets
Jake Anderson
yahoo at vapourforge.com
Mon Jun 18 13:23:59 EST 2012
On 18/06/12 12:31, Mark Andrews wrote:
> In message<60828CFFDBEBA946AC54D9293505E84D0149F30DC60B at sssydmail01.stratsec.local>, Eric Pinkerton writes:
>> Let's also not forget, that it's more and more the case today that people
>> have multiple machines connected to their home router including smartphones,
>> laptops, DVD players, Tablets, Games Consoles, Media Centres etc etc - and so
>> quarantining the entire connection because one of those machines is infected
>> can be far more disruptive to your customers than it once was.
> Which in turn makes it all the more important that the customer is
> informed of the problem so they can rectify the problem. All those
> machines are within the home network so there is potential for
> elevated levels of trust of the infected machine.
>
> Mark
If it was to work, a quarantine system would need to be applied at pretty
much all ISPs so people don't just churn to somebody who doesn't block.
This is something the Govt could actually do real good with. Some sort
of Govt-led industry body that identifies infected networks and
quarantines them. They already do this for infected people and the wider
population accepts it.
It need not be massively disruptive, the process of placing a host into
quarantine could be gradual and if the client is on the ball there need
be no loss of service.
5 business days from detection to quarantine say.
You email them the moment it's detected with a warning and put them into
monitoring.
2 days later if it's still ongoing another email (or phone call if you
have a "premium" provider)
4 days after detection start redirecting them to clickthroughs that
their network is going to be shut down tomorrow
5 days after detection it's walled garden time.
Support costs should be minimal, "you have a virus on your computer, go
get it fixed then call us back bye -click-"
In terms of contract, drop the customers to line rental rates whilst
they are infected and pause the duration of the contract (also offer
"pauses" to the clients so people don't get infected just to take a
holiday).
If all ISPs in .au did it I can see some drastic improvements in the
overall health of "the network", reduced bank fraud and the like, net win
for society as a whole.
The kiddies would be exposed to far less porn if their computers were
clean of redirecting viruses than the great firewall will prevent.
(I know the firewall isn't/wasn't supposed to protect the kiddies' eyes but
that's the way it always sounds in the media)