ISP Seen Breaking Internet Protocol

Found on Wired on Monday, 23 July 2007

Internet service provider Cox Communications is reportedly diverting attempts to reach certain online chat channels and redirecting them to a server that attempts to remove spyware from the computer.

Specifically, when a customer's machine asks Cox's DNS server for the address of a particular Internet Relay Chat (IRC) server, the resolver does not answer with that server's correct IP address. Instead, Cox returns the address of an IRC server it runs itself (70.168.70.4). That server then sends commands to the connecting computer that attempt to remove malware.

Though clever, the tactic is being heavily debated by networking experts on the NANOG mailing list. Some question the effectiveness of the technique; others question whether breaking the DNS protocol, and with it access to those channels for all users, is an appropriate way to stop some malware.
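The check a practitioner would want here is whether the resolver handed out by the ISP answers differently from an independent one for the same name. The following is an added example, not code from the Wired article or from Cox: it builds a raw DNS A-record query, parses the answer section (including compressed names), and flags a resolver whose answers share no address with a reference resolver. The IRC hostname irc.example.net, the reference address 192.0.2.10 and the packets used in the demo are constructed for illustration; 70.168.70.4 is the address the article reports.

```python
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1


def build_query(name, txid=0x1234):
    """Build a DNS A-record query in wire format (RFC 1035 header + question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def _read_name(msg, offset):
    """Read a possibly compressed name; return (name, offset after the name)."""
    labels = []
    jumped = False
    next_offset = offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                next_offset = offset + 2
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                next_offset = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), next_offset


def parse_a_records(msg):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):  # skip the echoed question(s)
        _, offset = _read_name(msg, offset)
        offset += 4
    addresses = []
    for _ in range(ancount):
        _, offset = _read_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            addresses.append(socket.inet_ntoa(rdata))
    return addresses


def build_response(query, ips, ttl=300):
    """Construct a response to `query` carrying the given A records (test fixture only)."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)  # QR, RD, RA
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(ip)
        for ip in ips
    )
    return header + question + answers


def query_resolver(name, resolver_ip, timeout=3.0):
    """Send the query over UDP to a live resolver and return its A records (network required)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (resolver_ip, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data)


def detect_hijack(isp_answers, reference_answers):
    """True when the ISP resolver's answers share no address with the reference resolver's.

    Caveat: round-robin DNS and CDNs can legitimately differ between resolvers,
    so a disjoint answer set is a signal to investigate, not proof of tampering.
    """
    isp, ref = set(isp_answers), set(reference_answers)
    return bool(isp) and isp.isdisjoint(ref)


def demo():
    """Offline walk-through with constructed packets: the ISP resolver returns its own
    IRC server (70.168.70.4), an independent resolver returns a different address."""
    query = build_query("irc.example.net")  # hypothetical IRC hostname
    isp_reply = build_response(query, ["70.168.70.4"])
    reference_reply = build_response(query, ["192.0.2.10"])  # constructed, TEST-NET-1
    return detect_hijack(parse_a_records(isp_reply), parse_a_records(reference_reply))


if __name__ == "__main__":
    print("hijack suspected:", demo())
```

For a live check, run `query_resolver(name, isp_resolver_ip)` against the address in your DHCP lease and `query_resolver(name, reference_ip)` against a resolver outside the ISP's network, then pass both results to `detect_hijack`. A positive result is worth confirming by checking whether the returned address falls in the ISP's own address space rather than the IRC operator's.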

Even if my computer is infected, an ISP has no legal basis to attempt to fix it. That's as illegal as planting the zombie. This reminds me of the "Make Love Not Spam" project and some counter-virus viruses; none of them legal. Notifying? Perhaps, but that would show that the ISP monitors my connection for bot-related commands, something that doesn't go along with net neutrality. And honestly, if I were a developer of zombie kits, my next update would wreak havoc on the computer as soon as someone tried to clean it with "uninstall" or "remove"; the machine is lost if the cleanup succeeds, so why not make it messy for whoever attempted to clean it?