While developing a program to resolve various records (A, AAAA, MX) for a rather large list of domains, Cox sent me an email claiming my computer(s) may be infected with some stupid trojan.
My program does not use COX's DNS servers. In fact, none of my computers are configured to use COX's DNS servers. I made this change many years ago after being presented with stupid NXDOMAIN "search" pages courtesy of COX's DNS servers violating RFC to earn some pesos.
I maintain my own recursive resolver servers outside of COX's network. So if COX monitors their DNS servers for the flagged requests then their statement would be somewhat true. However, none of my DNS traffic goes to COX's resolvers; it merely passes over/through my network, over COX's network, to my servers...
I know my devices are not infected. I replied to their email on 9/28 and just now received a reply on 10/19. Their reply makes no sense to me. How can they state "we do not scan or monitor your network" then follow that with "we do monitor communications"?
How can one happen without the other?
I know for certain that one cannot monitor 'communications with known infected command and control servers' without monitoring the traffic from their customers' networks.
said by abuse@cox.net:
Dear Cox Customer,
Thank you for your inquiry. We do not scan or monitor your network. However, we do monitor communications with known infected command and control servers. It was seen communicating with antrobeat.com - 2016-09-28. I hope this helps.
Regards,
Cox Customer Safety Team