North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: mitigating botnet C&Cs has become useless
- From: Danny McPherson
- Date: Sat Aug 05 16:35:04 2006
On Aug 4, 2006, at 12:00 AM, [email protected] wrote:
useless...
perhaps. i'm partly of the mind that botnets, p2p networks, manets,
and other self-organizing systems are the "wave" of the future (or
even the
present) and the technologies, per se, are not inherently "evil" or
even bad.
Well, that clearly depends on your prescription for "self-organizing".
I certainly wouldn't categorize the botnets I'm referring to as self-
organizing, in particular when they're being employed in a _very
organized manner - most always unbeknownst to each systems
ultimate owner, and more and more often in such a way that allows
A botherder to employ them for an ever-expanding array of
malicious activities.
imho, it is short sighted to try and curtail, mitigate, and eradicate
these types of technologies - its kind of like trying to kill off
SMTP because
it only sends spam, FTP because its only used to distribute PR0N...
and HTTP
because its only used by peadophiles stalking my daughters on
MySpace...
better to understand how these things are used and figure out how to
determine INTENT and then filter on that instead of technological
eradication.
Right, hence my point. By and large, SPs don't have the time or
resources to police the greater Internet, and therefore, they respond
in a very reactive fashion when some malicious activity *that* warrants
action dictates. Taking out known botnet C&C infrastructure is more
proactive and at least from my perspective, continues to yield a
discernible impact.
It's all about ROI - and anything more than reactionary measures
only moves them further from profitability. Putting solutions in place
that allow the SPs to recoup costs associated with playing sysadmin
for customers are the only way they'll be able to give dedicated
focus to the problem.
just my contrarian 0.02 rupias.
I'd expect no less Bill :-)
-danny
|