North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: mitigating botnet C&Cs has become useless

  • From: Mikael Abrahamsson
  • Date: Tue Aug 08 16:07:24 2006

On Tue, 8 Aug 2006, Simon Waters wrote:

However most big residential ISPs must be getting to the point where 10% bandwidth saving would justify buying in third party solutions for containing malware sources. I assume residential ISPs must be worse than

The problem here is that if you build your network "right", ie just IP routing and no tunneling, you don't get a natural choke-point on where to put any kind of solution like you propose.

When I did the business calculations on DSL solution my math told me it cost approx the same (or even cheaper) to just provide internet capacity than to offer bitstream/tunneling. The devices involved in the tunneling cost more than actually providing global internet bandwidth and not doing any tunneling at all. It's also a much cleaner solution with fewer places than can break or cause problems. You have a clean 1500 MTU all the way, etc. So in all of thise, if the 10% figure is correct then it's cheaper to just waste those 10% for the residential ISP than to try to stop it, so I'd have to agree with the people in the thread who said that.

It might not be the right thing, but the economics for the residential ISP it costs a lot to try to be proactive about these things, especially since botnets can send just a little traffic per host and it's hard to even detect.

Mikael Abrahamsson    email: [email protected]