RE: mitigating botnet C&Cs has become useless

Mailman List Mirror (Read Only)
1

I really didn't intend for this discussion to run down a rat-hole
like this, but there it is.

If you're going to pass-the-buck on this to (OS flaws) or that
(stupid user tricks), then there are bigger problem than I thought.

Regardless of existing flaws, user idiosyncracies, etc., we still
have to mitigate _all_ emerging threats. Period.

Your customers, and mine, expect nothing less.

If you think that it's not worth your time, then continue to ignore
it, but at least leave the rest of us to deal with the carnage without
being a nayayer poo-poo'ing efforts to the contrary.

- ferg

I see you are an optimist.

As much as I like to build more technology, in this case neither more
technology, nor more manpower devoted to service providers and
networking is going to fix this problem.

There is a real good analogy to this going on in Santa Clara county (SF
Bay Area) where West Nile virus is a real threat. Initially the county
tried to spray and in general kill the mosquitos.

Well, it turns out that this did not work, they got more. Then, they
started doing aerial surveys of the area and going to every single water
body that seemed to contain stagnant water. And they made it impractical
for mosquitos to breed. Then they sprayed, and now it turns out that the
mosquitos are slowly disappearing.

Coming back to our topic at hand, first you have to get rid of the buggy
code/OS that is running out there. At the same time, you put in the law
enforcement (must be able to span across countries) controls to punish
the people that get caught.

Then, I think you can kill off what's left.

Just throwing more network engineers and more gear will not get you
where you want to go IMHO. It would make quite a few companies a lot of
money though.

2

I am not being a discounting the efforts of many people that are on this
list and I personally know or worked with.

What I am saying is that throwing more technology (boxes, appliances
etc) and more manpower at the problem within the NSP,ISP, and ASP boxes
of the network block diagram is NOT going to solve the problem. I am not
saying, stop what you are doing, all I am saying is that, it is TIME to
look at the overall approach that we have taken fighting this war.

It is also NOT passing the buck, it is stating a point. You have to plug
the holes that allow these people to take over PCs at almost zero cost.
If it took them 6 months to discover one hole and 3-6 months to write an
exploit for it, I think you would find that these guys would go find
another line of profitable business.

I will now let everyone get back to their regularly scheduled
programming as I also don't want to go down this rathole any farther.

Regards,

3

Bora Akyol wrote:

What I am saying is that throwing more technology (boxes, appliances
etc) and more manpower at the problem within the NSP,ISP, and ASP boxes
of the network block diagram is NOT going to solve the problem. I am not
saying, stop what you are doing, all I am saying is that, it is TIME to
look at the overall approach that we have taken fighting this war.

You speak of not stopping, but still not adding more technology, more
manpower and whatnot to the problem. Sometimes standing still while
everything else around you moves is pretty much the same as stopping.

While I agree that the current process of hunting botnets, disabling
their C&Cs and such is the BEST way of eventually trying to smother
the big problem we should probably consider the alternative. What
would things be like if we HADN'T done what we are donig? And what
would happen if we stepped on the break now?

Worth thinking about that too.