North American Network Operators Group
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
On Mon, 23 Jul 2007, Joe Greco wrote:
> > > On Sun, 22 Jul 2007, Joe Greco wrote:
> > > We can break a lot of things in the name of "saving the Internet." That
> > > does not make it wise to do so.
> >
> > Since the last time the subject of ISPs taking action and doing something
> > about Bots, a lot of people came up with many ideas involving the ISP
> > answering DNS queries with the addresses of ISP cleaning servers.
> >
> > Just about every commercial WiFi hotspot and hotel login system uses a
> > fake DNS server to redirect users to its login pages.
>
> I think there's a bit of a difference, in that when you're using every
> commercial WiFi hotspot and hotel login system, that they redirect
> everything. Would you truly consider that to be the same thing as one
> of those services redirecting "www.cnn.com" to their own ad-filled news
> page?

That's only on initial login, prior to login I suppose. I'm fairly certain their servers could return other 'invalid' responses after login if they wanted, they might even see some revenue savings by redirecting a list of 'known bad things' off to 127.0.0.1 (for instance, pick your preferred place).

> However, if I were to go to a hotel, and they intercept random (to me)
> web sites, I'd consider that a very bad thing.

What if it was things you didn't use, didn't know about and were there for some measure of your protection? (or your grandmother's protection even)

>
> > Many universities
> > use a fake DNS server to redirect student computers to cleaning sites.
>
> I'm not sure I entirely approve of that, either, but at least it is more
> like the hotel login scenario than the hotel random site redirection
> scenario.

The problem is that there is very little difference... and it's very 'easy' to say (as a provider) "hey, I can help my customers, and the Intertubes as a whole..." (btw, how's this all different than opendns?)

One of the highlights of this discussion is that people get upset when you mess with 'basic plumbing' in a non-obvious manner. I suppose if you KNOW that it's happening (change your resolv.conf to opendns servers) that's one thing, though do you know or can you config opendns to NOT redirect (example) irc.vel.net but DO irc.badguy.net? Messing with DNS brings with it consequences, some good ones and some bad ones...
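
The per-name redirection discussed in this message, as an added example that is not part of the original post and not any provider's actual configuration: a resolver-side policy that rewrites listed names to 127.0.0.1, honours exemptions, and can report which answers it changed so the redirection is not silent. The class and function names, the zone lists and the 192.0.2.x upstream addresses are assumptions constructed for illustration.

```python
SINKHOLE = "127.0.0.1"  # redirect target mentioned in the post


def labels(name):
    """Normalise a DNS name to lowercase labels, top-level label first."""
    return tuple(reversed(name.rstrip(".").lower().split(".")))


class RewritePolicy:
    """Hypothetical policy: rewrite blocked zones, pass exempt ones through."""

    def __init__(self, blocked, exempt=()):
        self.blocked = {labels(z) for z in blocked}
        self.exempt = {labels(z) for z in exempt}

    @staticmethod
    def _longest_match(name, zones):
        # Compare whole labels so "notbadguy.net" never matches "badguy.net".
        ls = labels(name)
        return max((len(z) for z in zones if ls[:len(z)] == z), default=0)

    def action(self, name):
        blocked = self._longest_match(name, self.blocked)
        exempt = self._longest_match(name, self.exempt)
        # The most specific rule wins; a tie goes to the exemption.
        return "rewrite" if blocked > exempt else "passthrough"

    def answer(self, name, upstream_ip):
        return SINKHOLE if self.action(name) == "rewrite" else upstream_ip


def changed_answers(policy, upstream):
    """Names whose answer differs from upstream, for showing to the customer."""
    return {n: policy.answer(n, ip) for n, ip in upstream.items()
            if policy.answer(n, ip) != ip}


# Constructed sample data: zone lists and upstream answers are illustrative.
POLICY = RewritePolicy(blocked=["badguy.net"], exempt=["ok.badguy.net"])
UPSTREAM = {
    "irc.badguy.net": "192.0.2.10",
    "irc.vel.net": "192.0.2.20",
    "www.ok.badguy.net": "192.0.2.30",
    "notbadguy.net": "192.0.2.40",
}

if __name__ == "__main__":
    for name, ip in UPSTREAM.items():
        print(name, POLICY.action(name), POLICY.answer(name, ip))
    print("changed:", changed_answers(POLICY, UPSTREAM))
```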