>> Please see the previous gazillion messages from people who are using
>> RPZ in production to keep malware away from their users.
>> 
>> Also see the previous gazillion messages noting that governments do
>> all sorts of DNS censorship now and don't need RPZ.
>> 
>> Could you explain in more detail why you don't believe operators will
>> continue to use RPZ to protect their users, and why you think hostile
>> actors will do things with RPZ that they couldn't do now?
>
>I was specifically asking about the redirect/record replacement
>behavior, not the nxdomain/blocking behavior.

Providers routinely use sandboxing to quarantine infected users both
to protect their other users (malware can't contact C&C) and to force
them to do something about it, since they can't see anything other
than web sites with cleanup tools.  

I've talked to providers who tell me that this is the least bad way
they've found to get their users to clean up infected boxes.  Even if
a provider could afford to call them on the phone, it doesn't work,
first because users not unreasonably think it's a scam, and second
because the malware doesn't bother them, only other people, so they
blow off advice to fix it.

So I reiterate the same two questions.

R's,
John

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
