North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: mitigating botnet C&Cs has become useless

  • From: Danny McPherson
  • Date: Thu Aug 03 22:57:07 2006

On Aug 3, 2006, at 4:22 PM, Scott Weeks wrote:

But shutting them down, that's like the police arresting
all the informants.  It doesn't stop the crime, it just
eradicates all your easy leads.

What're folk's thoughts on that?

I'm not sure I'd liken shutting C&C infrastructure down to "arresting the informants". I think that's quite a bad analogy, actually, as informants are [often] third parties while C&C infrastructure is used to convey actual execution instructions - which are very often much more than DoS, as John pointed out.