[dns-operations] "EarthLink Criticized for DNS Redirects"

caleb.dods at bell.ca caleb.dods at bell.ca
Fri Sep 15 15:22:54 UTC 2006


Barry,

This is definitely a trend. There is substantial money to be made by the
ISPs off the add revenue by doing this redirection. I'll leave the
philosophical discussion of whether this is good or bad thing to others.


However to your point, once the basic technology is in place to do this
redirection, there is a lot of opportunity to use it for security
purposes. This includes redirection of phishing sites, but also
redirection of other types of DNS queries (botnets) to honey pots sites.

I think this is a little different than the port 25 blocking that has
been done for spam. However given the antispam benefits achieved by
blocking port 25, a think even larger benefits can be achieved by a
similar blocking of port 53. In other words allowing (consumer)
customers to only access a specific set of DNS caches provided by the
ISP.  This allows monitoring of the DNS traffic of malware patterns, and
prevents these cheap accounts from being used for DNS abuse.

Caleb

-----Original Message-----
From: dns-operations-bounces at lists.oarci.net
[mailto:dns-operations-bounces at lists.oarci.net] On Behalf Of Barry
Greene (bgreene)
Sent: September 15, 2006 10:22 AM
To: Paul Vixie; dns-operations at lists.oarci.net
Subject: Re: [dns-operations] "EarthLink Criticized for DNS Redirects"


So is this a trend? There has been talk among SPs I've been working with
to have all broadband customers go through their "port 53"
infrastructure - much like Canada who has all customers go through their
"port 25" infrastructure - for the same reasons - another tool to
mitigate security nonsense and possible lead to cleaning up violated
systems.

Something like this would allow SPs to DNS poison phishing sites -
redirecting the gullible victim to a page that would help (hopefully)
get more clue. 

Thoughts? 
 

> -----Original Message-----
> From: dns-operations-bounces at mail.oarc.isc.org 
> [mailto:dns-operations-bounces at mail.oarc.isc.org] On Behalf 
> Of Paul Vixie
> Sent: Thursday, September 14, 2006 4:39 PM
> To: dns-operations at mail.oarc.isc.org
> Subject: [dns-operations] "EarthLink Criticized for DNS Redirects"
> 
> http://www.betanews.com/article/EarthLink_Criticized_for_DNS_R
> edirects/1157575614
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
> 
_______________________________________________
dns-operations mailing list
dns-operations at lists.oarci.net
http://lists.oarci.net/mailman/listinfo/dns-operations



More information about the dns-operations mailing list