North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: mitigating botnet C&Cs has become useless

  • From: Rick Wesson
  • Date: Tue Aug 08 18:10:50 2006

Mikael Abrahamsson wrote:

On Tue, 8 Aug 2006, Simon Waters wrote:

However most big residential ISPs must be getting to the point where 10% bandwidth saving would justify buying in third party solutions for containing malware sources. I assume residential ISPs must be worse than


It might not be the right thing, but the economics for the residential ISP it costs a lot to try to be proactive about these things, especially since botnets can send just a little traffic per host and it's hard to even detect.

Last sunday at DEFCON I explained how one consumer ISP cost American business $29M per month because of the existence of key-logging botnets.

you want to talk economics? Its not complicated to show that mitigating key-logging bots could save American business 2B or 4% of =losses to identity theft -- using FTC loss estimates from 2003

just because an ISP looses some money over transit costs does not equate to the loss american business+consumers are loosing to fraud.

sorry, DEFCON slides aren't up anywhere yet. drop me a note if you'd like a copy.