Full Disclosure mailing list archives
Re: blue security folds
From: Kyle Lutze <kyle () randomvoids com>
Date: Thu, 18 May 2006 08:00:58 -0700
Gaddis, Jeremy L. wrote:
> nocfed wrote:
> > And if the ISPs could get their act together then most of the botnets would be no more. This _IS_ something that can be controlled, to an extent. Many of the network administrators need a course in Networking 101, which will greatly assist in tracking down the source of attacks. If botnets are required to use their own IPs, then how hard would it really be to track them down and disable them? Disruption of the end user's connection and a flag on their account should clean them up, although not 100%. So if you want someone to blame, blame the ISP, blame the hosting service, and blame the end user.
>
> While I agree (mostly), getting the ISPs to do what you suggest will never happen. If I, Joe Clueless User, have a bot running on my PC spamming half the world, and my ISP notices this and shuts me off, what will I do? Assuming I'm like the majority of users and either a) don't know, or b) don't care what they're talking about, I'll cancel my account and switch to another ISP (that won't shut me off).
>
> To do what you suggest would be for the greater good of the whole "Internet community", but would negatively affect $ISP's bottom line. Since we all know they only care about themselves, well, draw your own conclusions...
>
> -j
> --
> Jeremy L. Gaddis
> GCWN, MCP, Linux+, Network+
> http://www.jeremygaddis.com/
That's not entirely true. I work with Shadowserver on shutting botnets down, and Cox HSI is one of the most helpful in shutting down any IPs that we find on their network that are being used as a C&C or that are in a botnet. The fastest response time I've gotten from them is 30 seconds to shut one down; the longest is 10 minutes.

They don't fully block the account, though. Instead they lock it so the user can still access Cox's site, some A/V and adware removal sites, and Microsoft's update site. They then send them an email and a snail-mail letter informing them about what happened to their account and what they have to do to get it turned back on. Before Cox will turn it back on, the user has to call in, and then Cox will run nmap against their box and use a packet sniffer to see if they are still trying to connect to an outside network. If they clear that, then and only then are they allowed back on the Internet.

Cox charges a fair bit for their Internet, but they do one hell of a good job keeping their network clean, so I've gotta give them props!

Worst networks: AOL and Comcast.

cheers,
Kyle

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/