North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: FBI tells the public to call their ISP for help

  • From: Roland Dobbins
  • Date: Wed Jun 13 18:37:59 2007
  • Authentication-results: rtp-dkim-1; [email protected]; dkim=pass ( sig from cisco.com/rtpdkim1001 verified; );
  • Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1178; t=1181774108; x=1182638108; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; [email protected]; z=From:=20Roland=20Dobbins=20<[email protected]> |Subject:=20Re=3A=20FBI=20tells=20the=20public=20to=20call=20their=20ISP= 20for=20help |Sender:=20 |To:=20nanog=20<[email protected]>; bh=ANtRO3WE+zriMb60tZkS17L1HXFR10rpjbtfAJ7TDw8=; b=qPR1ghAZzRaVoNTHYqNxsuZM4i2O4xXMvQXnfMSM6ixhuxTyWP8LaE29Hce2Ot7E0xGOSYi0 hy8YCRfOX+1elR3ztdinYZzSXZHEy1rB6eBqYKRJ6O+VJmG5weWXpu6w;


On Jun 13, 2007, at 11:49 AM, Sean Donelan wrote:

BTW, 1 million compromised computers is probably a low estimate.

Besides the 'call your ISP for technical help' blunder, there's actually more useful info, believe it or not, in the press release linked in the article:

<http://www.fbi.gov/pressrel/pressrel07/botnet061307.htm>

The FBI aren't claiming only 1 million infected machines, they're saying that this particular sweep involves up to a million botted hosts.

It seems to me that the larger inference is that law enforcement are taking the botnet problem more seriously, which is what a lot of folks in the operational community have been advocating for a long time. While one aspect of the messaging is questionable, it seems to me that active national-level LEO involvement in this problem-space would be welcomed by many.

It's just a first step, and those are always the hardest to take.

----------------------------------------------------------------------
Roland Dobbins <[email protected]> // 408.527.6376 voice

Equo ne credite, Teucri.

-- Laocoön