Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking )
-- Christopher Morrow <christopher.morrow@verizonbusiness.com> wrote:
I'd love to see CPE dsl/cable-modem providers integrate with a 'service' that lists out 'bad' things. it'd be nice if the user could even tailor that list (just C&C or C&C + child-porn or C&C not older than X days/hours/minutes) ... I think it might even help, and be vendor agnostic (from a provider and hardware) perspective.
Ironically, that is exactly part of a product announcement that we (Trend Micro) are making on 30 July.
Since this topic arose, I saw Trend mentioned as a possible product "culprit" in this scenario, but it isn't. Yet. :-)
The particular service to be announced on Monday (BIS, or Botnet Identification Service), is nothing more than a BGP feed of _known_ and _vetted_ botnet C&Cs as /32s, intended to be a black-hole feed.
Interested folks should either e-mail me off-list, or just wait for the official announcement on 30 July.
Cheers,
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
On Tue, 24 Jul 2007, Paul Ferguson wrote:
-- Christopher Morrow <christopher.morrow@verizonbusiness.com> wrote:
I'd love to see CPE dsl/cable-modem providers integrate with a 'service' that lists out 'bad' things. it'd be nice if the user could even tailor that list (just C&C or C&C + child-porn or C&C not older than X days/hours/minutes) ... I think it might even help, and be vendor agnostic (from a provider and hardware) perspective.
Ironically, that is exactly part of a product announcement that we (Trend Micro) are making on 30 July.
neat, if only our marketing folks would see such benefits :( good for you! :)
Since this topic arose, I saw Trend mentioned as a possible product "culprit" in this scenario, but it isn't. Yet. :-)
not a culprit so much as a way that this sort of dns redirection could have been done, in a vendor supplied/supported device even.
The particular service to be announced on Monday (BIS, or Botnet Identification Service), is nothing more than a BGP feed of _known_ and _vetted_ botnet C&Cs as /32s, intended to be a black-hole feed.
Interested folks should either e-mail me off-list, or just wait for the official announcement on 30 July.
note that this will take out vhost systems... unless they are vetted off the list, which is certainly possible of course.
On Tue, Jul 24, 2007, Chris L. Morrow wrote:
note that this will take out vhost systems... unless they are vetted off the list, which is certainly possible of course.
Unless you use it as part of a feed of "stuff our abuse department might want to investigate further" ..
Adrian
participants (3)
- Adrian Chadd
- Chris L. Morrow
- Paul Ferguson