The Internet, viewed as an organism, quite clearly has, at present,
numerous autoimmune diseases. It is attacking itself. And its immune
system, such as it is, clearly ain't working. There's going to come
a day of reckoning when it will no longer be possible to paper over
this sad and self-evident fact. (And no, I'm *not* talking about
the fabled "Digital Pearl Harbor". I'm talking instead about the
Internet equivalent of the meteor that wiped out the dinosaurs.)
We need a cost effective and performant way of blocking botnet traffic in SP networks. Fact is the only way to enforce network policy is from within the network. Laws, putting the onous on users, notifying infected users, etc will never work. We can't expect to solve them all, but at least make it more diffcult by a large margin to run these things. For example blacklisting domains where spam is coming from doesn't stop the problem, but it does help in a big way.
Over 800k domains, but I bet they were not using nearly that many IPs. It would be nice to take info from various honeypots about CNC servers and just blackhole those IPs in one way or another very quickly. I don't want to suggest a method of doing this, just as a idea to play around with.
In message <20161201124527.9BE453FD@m0087798.ppops.net>,
surfer@mauigateway.com wrote:
What is your suggestion to keep the sky from falling?
My full answer, if fully elaborated, would bore you and everybody else
to tears, so I'll try to give you an abbreviated version.
It seems to be that it comes down to three things... acceptance, leadership,
and new thinking.
Acceptance
We, the people of this planet, including end users, small ISPs,
big ISPs, Tier-1 providers, ICANN, and all of the dangling tentacles
that derive their authority and power therefrom, law enforcement
globally, and judicial systems globally, have to begin by accepting
the undeniable reality that traditional law enforcement and judicial
processes have already been utterly overwhelmed by the new phenomenon
of international cybercrime, *and*, more importantly, that they always
will be. If a teenager can hack your bank account in ten minutes,
but it takes three years to bring him to trial, after which he
gets a slap on the write and probation... well... any idiot can
see that this is an ongoing recipie for disaster on a grand scale.
(And in a way, announcements like the one today about a small
handful of Internet criminals being busted are actually a bad
thing, becase they only serve to perpetuate this comforting but
incredibly incorrect mass delusion that traditional law enforcement
has the new world of cyberspace well in hand. They don't, and never
will. And in fact they are just falling further and further behind
with each passing year.)
Leadership
This has to come from the folks at the top of the food chain, the
Tier-1 providers, and sadly, they have become like the banks...
everybody hates them, but we all know that we can't live without
them, and they are free to make money hand over fist while showing
no signs of accountability whatsoever. (And don't kid yourself
that there is anything even remotely like independence in any of
the bits and pieces, starting from ICANN on down, that currently
pass for what is laughingly called "Internet Governance". All of
these structures take their cue, and their marching orders, from
the Internet industry, and the industry, such as it is, can't change
a damn thing without buy-in from the Tier-1 providers.)
Unfortunately, in this just-past election, one party's Presidential
candidate was criticized for being "too close to the banks", in
particular, Goldman Sachs, and the other one has just selected a
former Goldman Sachs banker pal of his to run the treasury
department in the new administration. This shows that without a
massive sea change in the level of anger among the general populace,
nothing will change, ever. And so it is also with the Internet
industry. End users and consumers need to wake up and start actively
demanding that the industry grow up, grow a pair, and stop just
sitting idly by while the current ongoing hacking free-for-all
claims new victims every goddamn day. When and if that ever happens,
perhaps one or more CEOs of Tier-1 providers will finally wake up,
smell the coffee, and understand that over a time horizon longer than
this coming quarter, they need to start showing some leadership,
and help guide the whole industry towards a better and safer future.
New Thinking
Even miltary men have, for some time now, been calling cyberspace
"a new domain of battle, like air, land, sea, and space". Why then
do our law enforcement and judicial systems, worldwide, fail to
also and likewise accept and begin to deal with this new reality?
Everywhere on earth, law enforcement, judicial systems, and
governments are, by and large, still trying to pretend that
cybercrime is a strictly a local matter. It isn't, and hasn't
been, for about 30 years now.
Internationalized legal structures are hard to assemble, but they
are not hardly without precedent. Why should there not be an
international Internet equivalent of the "Law of the Sea"?
It is quite common for cybercrimes to cross national borders, and yet
I personally have so far never heard of a single instance in which
any cybercriminal has been brought before the International Criminal
Court in the Hague to stand trial. Why not? Russia and China may
(and indeed do) seem to have more than a little reluctance to allow
extradition of their cybercriminals to the U.S. to stand trial. OK
then. What will be their excuse if we instead say that such defendants
should be rendered unto, and be brought before the bar in The Hague?
Are ISPs, by and large, so absolutely desperate for new clients that
they absolutely and positively MUST sell connectivity to any homo
sapien who can successfully fog a mirror? If I go to my local
cable TV provider and I ask them to give me new service, but also
tell them that I *do not* want to first give them a big fat "security
deposit", they will say "Ok. No problem. Just give us a minute
whil we check your credit rating." If that comes back green, then
they give me service... no big deposit required. On the other hand
if it comes back orange or red, then I have to pony up a big deposit...
which, depending on my behavior, I might not ever get back... before
they will sell me service.
Contrast this to Internet service. If you reach out and hack my
router, and if I am on the ball, I can and will report you to your
(current) ISP, giving the exact date and time of the incident and your
IP address. In the rare circumstance where (a) this is not your
first offense while on your current ISP and also (b) your ISP is
below-average greedy and (c) your ISP is below-average incompetent
and (d) your current ISP is below-average irresponsible, then you
-may-... I stress -may-... actually lose your current connectivity.
But even in that very rare case, of course, you can just waltz down
the street, the same day, to the next convenient ISP and start all
over again, barely missing a beat.
So, when is this industry going to grow up, realize that creative
individuals, given a single DHCP connection, even perhaps one with
relatively low bandwidth, can get on and cause $tens of millions of
dollars worth of either theft or damage? When is the industry going
to start admitting to itself that individual end-lusers can be
dangerous, sometimes even to the tune of $tens of millions of dollars?
In short, when is this industry going to start vetting people, at
least a little bit, before giving out connectivity to any Tom, Dick,
or Harry who shows up on the doorstep with five dollars burning a
hole in his pocket? Where is the equivalent of the "credit rating"
for Internet users? If I'm running a mom-n-pop ISP, where do I go
if I want to find out whether or not this unsavory-looking individual
who slept in my doorway last night is or isn't a guy who has already
been tossed off his prior two ISPs for gross misbehavior?
Maybe its time for the industry to create a registry of such people.
(And don't hand me all of that bleeding heart crap about personal
privacy, government survelliance, etc. etc. etc. You'll only serve
to make it evident to all that you're in the same camp with the
wacko Second Amendment wingnuts and/or the equally wacko Any Rand
extremist devotees. Time to grow up and realize that if you want
to participate in, and obtain benefit from, a civilized society,
then society has a fair right to ask you to give up a little bit of
something in return. That's the bargain. Take it or leave it. If
you don't like it, then get the flock off the Internet and go live
in a cave someplace. And don't let the door hit you in the ass on
your way out. You will not be missed. And besides all of that,
you're probably carrying around five credit cards in your walet as
we speak. So it's more than a liitle disingenuous for you to whine
about personal privacy as you are checking your credit score five
times a day.)
Believe it or not, -that- is the -short- version of my solution to the
Internet's problem(s).
Regards,
rfg