North American Network Operators Group


Re: mitigating botnet C&Cs has become useless

  • From: Danny McPherson
  • Date: Sat Aug 05 16:35:04 2006

On Aug 4, 2006, at 12:00 AM, [email protected] wrote:


perhaps. i'm partly of the mind that botnets, p2p networks, manets,
and other self-organizing systems are the "wave" of the future (or even the
present) and the technologies, per se, are not inherently "evil" or even bad.

Well, that clearly depends on your prescription for "self-organizing". I certainly wouldn't categorize the botnets I'm referring to as self-organizing, in particular when they're being employed in a _very_ organized manner - most always unbeknownst to each system's ultimate owner, and more and more often in such a way that allows a botherder to employ them for an ever-expanding array of malicious activities.

imho, it is short sighted to try and curtail, mitigate, and eradicate
these types of technologies - it's kind of like trying to kill off SMTP because
it only sends spam, FTP because it's only used to distribute PR0N... and HTTP
because it's only used by pedophiles stalking my daughters on MySpace...

better to understand how these things are used and figure out how to
determine INTENT and then filter on that instead of technological eradication.

Right, hence my point. By and large, SPs don't have the time or resources to police the greater Internet, and therefore, they respond in a very reactive fashion when some malicious activity *that* warrants action dictates. Taking out known botnet C&C infrastructure is more proactive and at least from my perspective, continues to yield a discernible impact.

It's all about ROI - and anything more than reactionary measures
only moves them further from profitability.  Putting solutions in place
that allow the SPs to recoup costs associated with playing sysadmin
for customers are the only way they'll be able to give dedicated
focus to the problem.

just my contrarian 0.02 rupias.

I'd expect no less Bill :-)