North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Are botnets relevant to NANOG?

  • From: Peter Dambier
  • Date: Fri May 26 10:38:14 2006

[email protected] wrote:
In recent discussions about botnets, some people maintained
that botnets (and viruses and worms) are really not a relevant
topic for NANOG discussion and are not something that we
should be worried about. I think that the CSI and FBI would disagree with that.

Some people need whatever bandwidth they can get for ranting.
Of course routing reports, virus reports and botnet bgp statistics
take away a lot of valuable bandwidth that could otherwise be used
for nagging. On the other hand without Gadi's howling for the
wolves those wolves might be lost species and without the wolves
all the nagging and ranting would make less fun.

Now NANOG members cannot change OS security, they can't
change corporate security practices, but they can have an impact on botnets because this is where the nefarious
activity meets the network.

They can. All you have to do is look for free software and
join the devellopers or the testers or report whatever you
have found out.

When working for Exodus and GLC I have seen I could change
security practices. I was working in London, Munich and
Frankfurt NOCs.

Sorry I did not know about NANOG that time. It would have
made my live a lot more interesting.

Therefore, I conclude that discussions of botnets do belong on the NANOG list as long as the NANOG list is
not used as a primary venue for discussing them.

Botnets are networks. We should have the network operators
on the NANOG list. (I am afraid we do already have them :)

One thing that surveys, such as the CSI/FBI Security
Survey, cannot do well is to measure the impact of botnet researchers and the people who attempt to shut
down botnets. It's similar to the fight against terrorism.
I know that there have been 2 terrorist attacks on
London since 9/11 but I don't know HOW MANY ATTACKS
HAVE BEEN THWARTED. At least two have been publicised but there could be dozens more.

Cleaning up botnets is rather like fighting terrorism.
At the end, you have nothing to show for it. No news
coverage, no big heaps of praise. Most people aren't
sure there was ever a problem to begin with. That doesn't
mean that the work should stop or that network providers
should withold their support for cleaning up the
botnet problem.

Maybe it is high time for a transparent frog. Invisible
for secure systems but as soon as one of the bots tries
to infect it, it will ...

In case you are not Gadi or working for Gadi, feel free
to ignore the tranparent frog. I have never met one :)

Peter and Karin

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP:
mail: [email protected]
mail: [email protected]