Last Call Review of draft-oreirdan-mody-bot-remediation-
review-oreirdan-mody-bot-remediation-secdir-lc-hoffman-2011-10-28-00

Request
Review of: draft-oreirdan-mody-bot-remediation
Requested revision: No specific revision (document currently at 20)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2011-11-11
Requested: 2011-10-07
Authors: Jason Livingood, Nirmal Mody, Michael O'Reirdan
I-D last updated: 2011-10-28
Completed reviews:
   Genart Telechat review of -?? by Miguel Angel García
   Genart Last Call review of -?? by Miguel Angel García
   Secdir Last Call review of -?? by Paul E. Hoffman

Assignment
Reviewer: Paul E. Hoffman
State: Completed
Request: Last Call review on draft-oreirdan-mody-bot-remediation by Security Area Directorate Assigned
Completed: 2011-10-28

This is a review of the security-related aspects of
draft-oreirdan-mody-bot-remediation, primarily for the benefit of the Security
ADs and the authors of draft-oreirdan-mody-bot-remediation.

The document is a set of recommendations to ISPs on how to deal with customer
computers that have been botted. It is informational in nature, and (wisely)
avoids any 2119ish language. Topics covered include determining which customers
might be infected, communicating with the customers, and remediation.

In other words, the entire document covers security-related topics.
Fortunately, it does so in a very clear fashion throughout. Suggestions for
actions that an ISP might take are often accompanied with warnings and
discussion of the security aspects of those actions. The Security
Considerations section, while short, emphasizes the need for the reader to read
carefully, particularly the section on the security aspects of sending mail to
potentially-infected customers.

One editorial comment: the first sentence of the abstract has a superfluous
comma that imbues unintended humorous semantics:
   This document contains recommendations on how Internet Service
   Providers can manage the effects of computers used by their
   subscribers, which have been infected with malicious bots, via
   various remediation techniques.
It is unlikely that subscribers themselves have been infected with malicious
bots. A better wording might be:
   This document contains recommendations on how Internet Service
   Providers can use various remediation techniques to manage
   the effects of malicious bots on their subscribers' computers.

--Paul Hoffman