North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: mitigating botnet C&Cs has become useless
On Jul 30, 2006, at 10:37 AM, Gadi Evron wrote:
They're very incident driven from that respect, and with an attempt to focus on revenue and services profitability, it just amplifies the problem. That is, they're busy turning the steam valves and putting out fires - who has the time for strategizing and waging a global war on organized crime and it's employment of botnets that yields a negligible return on a considerable investment, just cutting deeper into their losses?
[disclaimer: the above is a gross oversimplification and many SPs do far more, but it's largely applicable across a broad spectrum of SPs]
Heck, they rarely have time to chase DOS attack sources past their network perimeter and today report less than 2% of *actionable* attacks to LEOs.
It's an ROI game...
While you could spin botnet resurrection a hundred ways, taking out the bots themselves, even if it's often times only as temporal function, is the low hanging fruit and something SPs can understand and instrument.
I agree that the root of the problem is the miscreants perpetrating these crimes, and they need to be prosecuted, but the responsibility falls far wider than the SPs.
I also accept the references provided by Paul and others, but what's the near-term alternative?