North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
> On Mon, 23 Jul 2007, Joe Greco wrote: > >> Although this seems to be the first bit mistake in over two years, does > >> that make the practice unacceptable as another tool to respond to Bots? > > > > The practice of blocking public EFnet servers? > > As I've said multiple times, sometimes mistakes happen and the wrong > things end up on a list. I doubt that was the intent. > > Many people have suggested blocking C&C servers used by bots over the > years. There's a difference between blocking actual C&C servers and blocking general IRC servers that are incidentally being used as C&C servers. > > Yes, when there are better solutions to the problem at hand. > > Please enlighten me. Intercept and inspect IRC packets. If they join a botnet channel, turn on a flag in the user's account. Place them in a garden (no IRC, no nothing, except McAfee or your favorite AV/patch set). Wow, I didn't even have to strain myself. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.