Last Call Review of draft-oreirdan-mody-bot-remediation-
review-oreirdan-mody-bot-remediation-secdir-lc-hoffman-2011-10-28-00
Request | Review of | draft-oreirdan-mody-bot-remediation |
---|---|---|
Requested revision | No specific revision (document currently at 20) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2011-11-11 | |
Requested | 2011-10-07 | |
Authors | Jason Livingood, Nirmal Mody, Michael O'Reirdan | |
I-D last updated | 2011-10-28 | |
Completed reviews | Genart Telechat review of -?? by Miguel Angel García; Genart Last Call review of -?? by Miguel Angel García; Secdir Last Call review of -?? by Paul E. Hoffman | |
Assignment | Reviewer | Paul E. Hoffman |
State | Completed | |
Request | Last Call review on draft-oreirdan-mody-bot-remediation by Security Area Directorate Assigned | |
Completed | 2011-10-28 |
This is a review of the security-related aspects of draft-oreirdan-mody-bot-remediation, primarily for the benefit of the Security ADs and the authors of draft-oreirdan-mody-bot-remediation.

The document is a set of recommendations to ISPs on how to deal with customer computers that have been botted. It is informational in nature, and (wisely) avoids any 2119ish language. Topics covered include determining which customers might be infected, communicating with the customers, and remediation.

In other words, the entire document covers security-related topics. Fortunately, it does so in a very clear fashion throughout. Suggestions for actions that an ISP might take are often accompanied with warnings and discussion of the security aspects of those actions. The Security Considerations section, while short, emphasizes the need for the reader to read carefully, particularly the section on the security aspects of sending mail to potentially-infected customers.

One editorial comment: the first sentence of the abstract has a superfluous comma that imbues unintended humorous semantics:

   This document contains recommendations on how Internet Service Providers can manage the effects of computers used by their subscribers, which have been infected with malicious bots, via various remediation techniques.

It is unlikely that subscribers themselves have been infected with malicious bots. A better wording might be:

   This document contains recommendations on how Internet Service Providers can use various remediation techniques to manage the effects of malicious bots on their subscribers' computers.

--Paul Hoffman