Full Disclosure mailing list archives

Re: blue security folds


From: evilrabbi <evilrabbi () gmail com>
Date: Thu, 18 May 2006 05:10:56 -0700

Actually at the ISP I work for we do monitor for botnet activity. It's
really not that hard to notice them either. You really have to not know
anything or just not care to miss the traffic. I've cut off more than one
user because of issues like this. After cutting them off I'll give them a call and
tell them why, offer proof, explain the proof (i.e., make them type ipconfig
/all so they can see their MAC address because it adds validity in their
eyes), then I refer them to a computer store we also own. Generally they are
happy that we noticed so they can get their machines cleaned up.

On 5/17/06, Gaddis, Jeremy L. <jeremy () linuxwiz net> wrote:

nocfed wrote:
> And if the ISPs could get their act together then most of the botnets
> would be no more.  This _IS_ something that can be controlled, to an
> extent.  Many of the network administrators need a course in
> Networking 101 which will greatly assist in tracking down the source
> of attacks.  If botnets are required to use their own IP's then how
> hard would it really be to track them down and disable them?
> Disruption of the end user's connection and a flag on their account
> should clean them up, although not 100%.  So if you want someone to
> blame, blame the ISP, blame the hosting service, and blame the end
> user.

While I agree (mostly), getting the ISPs to do what you suggest will
never happen.  If I, Joe Clueless User, have a bot running on my PC
spamming half the world, and my ISP notices this and shuts me off, what
will I do?  Assuming I'm like the majority of users and either a) don't
know, or b) don't care what they're talking about, I'll cancel my
account and switch to another ISP (that won't shut me off).  To do what
you suggest would be for the greater good of the whole "Internet
community", but would negatively affect $ISP's bottom line.  Since we
all know they only care about themselves, well, draw your own
conclusions...

-j

--
Jeremy L. Gaddis
GCWN, MCP, Linux+, Network+
http://www.jeremygaddis.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
-- h0 h0 h0 --
www.nopsled.net