On Tue, Mar 4, 2014 at 7:27 AM, Davide Davini <diotona...@gmail.com> wrote:
> Andrew Latham wrote:
>> On Tue, Mar 4, 2014 at 5:46 AM, fmm <vo...@fakmoymozg.ru> wrote:
>>> On Tue, 04 Mar 2014 09:00:18 +0100, Jay Ashworth <j...@baylink.com> wrote:
>>>
>>>> http://arstechnica.com/security/2014/03/hackers-hijack-300000-plus-wireless-routers-make-malicious-changes/
>>>>
>>>> Is there any valid reason not to black hole those /32s on the back bone?
>>>
>>>>> The telltale sign a router has been compromised is DNS settings that have
>>>>> been changed to 5.45.75.11 and 5.45.76.36. Team Cymru researchers
>>>>> contacted the provider that hosts those two IP addresses but have yet to
>>>>> receive a response.
>>>
>>> you wanted to say "blackhole those 5.45.72.0/22 and 5.45.76.0/22", didn't
>>> you?
>>
>> Jay is right, it is just the /32s at the moment... Dropping the /22s
>> could cause other sites to be blocked.
>>
>> inetnum: 5.45.72.0 - 5.45.75.255
>> netname: INFERNO-NL-DE
>
> I'm guessing that was said under the assumption the provider wouldn't
> intervene, because if it does intervene there is no point in blackholing
> anything.

Davide, you are correct, some people are assuming that the provider is
doing nothing. That has yet to be determined.

--
~ Andrew "lathama" Latham lath...@gmail.com http://lathama.net ~
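
Added example, not part of the thread or written by any of its participants: a Python sketch that runs flow records against the two resolver addresses and the two /22s quoted above, to show which customers look affected and how much unrelated traffic a /22 drop would catch compared with the /32s. The flow-record layout, the sample flows and the function name are assumptions made for illustration.

```python
import ipaddress

# Addresses and prefixes quoted in the thread.
ROGUE_RESOLVERS = {ipaddress.ip_address(a) for a in ("5.45.75.11", "5.45.76.36")}
COVERING_PREFIXES = [ipaddress.ip_network(n) for n in ("5.45.72.0/22", "5.45.76.0/22")]

# Constructed flow records (client, destination, destination port).
# Clients use documentation ranges; the non-resolver destinations are made up.
SAMPLE_FLOWS = [
    ("192.0.2.10", "5.45.75.11", 53),
    ("192.0.2.10", "5.45.76.36", 53),
    ("192.0.2.22", "5.45.73.80", 443),   # other host inside the first /22
    ("198.51.100.7", "5.45.76.36", 53),
    ("198.51.100.9", "5.45.79.5", 80),   # other host inside the second /22
    ("203.0.113.4", "8.8.8.8", 53),      # unrelated resolver
]


def compare_policies(flows):
    """Report what a /32 drop and a /22 drop would each affect."""
    suspect_clients = set()   # clients sending DNS to the rogue resolvers
    host_route_hits = 0       # flows dropped by the two /32s
    prefix_hits = 0           # flows dropped by the two /22s
    collateral = []           # flows only the /22 drop would catch
    for client, dst, port in flows:
        addr = ipaddress.ip_address(dst)
        is_rogue = addr in ROGUE_RESOLVERS
        in_prefix = any(addr in net for net in COVERING_PREFIXES)
        if is_rogue:
            host_route_hits += 1
            if port == 53:
                suspect_clients.add(client)
        if in_prefix:
            prefix_hits += 1
            if not is_rogue:
                collateral.append((client, dst, port))
    return {
        "suspect_clients": sorted(suspect_clients),
        "host_route_hits": host_route_hits,
        "prefix_hits": prefix_hits,
        "collateral": collateral,
    }


if __name__ == "__main__":
    for key, value in compare_policies(SAMPLE_FLOWS).items():
        print(f"{key}: {value}")
```
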