nanog mailing list archives

Re: mitigating botnet C&Cs has become useless

From: Michael Loftis <mloftis () wgops com>
Date: Wed, 09 Aug 2006 10:10:21 -0600




--On August 8, 2006 12:06:42 PM -0400 Sean Donelan <sean () donelan com> wrote:


On Tue, 8 Aug 2006, Arjan Hulsebos wrote:

We (ISPs) already do have that power, we can disconnect misbehaving
subscribers. And in cases like this, we should keep them off the 'net
until they've cleaned up their PC.


Botnet C&Cs are not naturally occuring phenomena.  Relying only on
defensive security, and not arresting the criminals, will just result
in the criminals becoming bolder and more aggressive.

In most cases ISPs are just taking action against innocent bystanders
that got hit in the cross-fire. Those bystanders aren't the cause. If you
let the criminals continue trying over and over again, you are just
training them to become better shots.  Telling your customers they should
wear
bullet-proof vests whenever they go outside isn't going to stop snippers.
Arresting the snipper is going to stop the snipper.

Yup this is a social problem. Just like there's nothing actually stoppingany of us from beating up a guy on the street, we don't do it because itisn't legal, doesn't make sense, etc. Some muggers do, the people incontrol of the SPAM problem are the muggers....the people with infectedsystems are just the ones who've been mugged.

Current thread:

Re: mitigating botnet C&Cs has become useless, (continued)
- Re: mitigating botnet C&Cs has become useless Arjan Hulsebos (Aug 08)
  - Re: mitigating botnet C&Cs has become useless Simon Waters (Aug 08)
    - Re: mitigating botnet C&Cs has become useless Mikael Abrahamsson (Aug 08)
    - Re: mitigating botnet C&Cs has become useless Rick Wesson (Aug 08)
    - Re: mitigating botnet C&Cs has become useless Mikael Abrahamsson (Aug 08)
    - Re: mitigating botnet C&Cs has become useless Peter Dambier (Aug 08)
    - Re: mitigating botnet C&Cs has become useless Sean Donelan (Aug 08)
    - Re: mitigating botnet C&Cs has become useless Rick Wesson (Aug 08)
    - Re: mitigating botnet C&Cs has become useless Sean Donelan (Aug 08)
  - Re: mitigating botnet C&Cs has become useless Sean Donelan (Aug 08)
    - Re: mitigating botnet C&Cs has become useless Michael Loftis (Aug 09)
  - Re: mitigating botnet C&Cs has become useless Michael Loftis (Aug 09)
- Re: mitigating botnet C&Cs has become useless Scott Weeks (Aug 08)
- Re: mitigating botnet C&Cs has become useless Arjan Hulsebos (Aug 09)
  - Re: mitigating botnet C&Cs has become useless Danny McPherson (Aug 13)
    - Re: mitigating botnet C&Cs has become useless Laurence F. Sheldon, Jr. (Aug 13)
    - Re: mitigating botnet C&Cs has become useless Danny McPherson (Aug 13)
    - Re: mitigating botnet C&Cs has become useless Laurence F. Sheldon, Jr. (Aug 13)
    - Re: mitigating botnet C&Cs has become useless Sean Donelan (Aug 13)
    - Re: mitigating botnet C&Cs has become useless Laurence F. Sheldon, Jr. (Aug 13)
- Re: mitigating botnet C&Cs has become useless Arjan Hulsebos (Aug 09)

(Thread continues...)