nanog mailing list archives
Re: mitigating botnet C&Cs has become useless
From: Sean Donelan <sean () donelan com>
Date: Sat, 5 Aug 2006 17:17:27 -0400 (EDT)
On Sat, 5 Aug 2006, Danny McPherson wrote:
Right, hence my point. By and large, SPs don't have the time or resources to police the greater Internet, and therefore, they respond in a very reactive fashion when some malicious activity *that* warrants action dictates. Taking out known botnet C&C infrastructure is more proactive and at least from my perspective, continues to yield a discernible impact.
Even assuming SPs had the time and the resources, its not always clear what actions should be considered acceptable for SPs to do. If resources were the only issue, making this another "War on X" and throwing lots of money at the problem would be the answer. But that's not the right answer. People/customers seem to get just as upset with "proactive" SPs as they do with "unactive" SPs. Even if it was possible to run the Internet like the most secure closed corporate network, is that what people actually want? I know lots of vendors that would be more than happy to sell SPs lots and lots of security stuff to achieve that ;-) Hopefully, by their nature SPs will always be a bit reactive. Unless I want them to, I don't want SPs messing with my traffic. Its my right to connect anything I want, send anything I want, do anything I want with my Internet connection. On the other hand, when I do complain I want the SP to instantly be able to stop anything I don't want, even when I don't know what it is, and be able to track every bad thing that every happened even before I knew it was bad but not keep records of what anyone has done. And of course, I don't think I should pay extra for it. Railroads have the railroad police. The Post Office has postal inspectors. Do we want to give ISP security the power to arrest people? There are probably some security officers at SPs that would love to bust some doors down and slap handcuffs on a few people.
Current thread:
- RE: mitigating botnet C&Cs has become useless, (continued)
- RE: mitigating botnet C&Cs has become useless Barry Greene (bgreene) (Aug 02)
- RE: mitigating botnet C&Cs has become useless Fergie (Aug 02)
- Re: mitigating botnet C&Cs has become useless Danny McPherson (Aug 03)
- Re: mitigating botnet C&Cs has become useless Fergie (Aug 03)
- RE: mitigating botnet C&Cs has become useless Bora Akyol (Aug 03)
- RE: mitigating botnet C&Cs has become useless Scott Weeks (Aug 03)
- Re: mitigating botnet C&Cs has become useless John Kristoff (Aug 03)
- Re: mitigating botnet C&Cs has become useless Danny McPherson (Aug 03)
- Re: mitigating botnet C&Cs has become useless bmanning (Aug 03)
- Re: mitigating botnet C&Cs has become useless Danny McPherson (Aug 05)
- Re: mitigating botnet C&Cs has become useless Sean Donelan (Aug 05)
- Re: mitigating botnet C&Cs has become useless Danny McPherson (Aug 05)
- Re: mitigating botnet C&Cs has become useless Aaron Glenn (Aug 08)
- Re: mitigating botnet C&Cs has become useless Barry Shein (Aug 03)
- RE: mitigating botnet C&Cs has become useless Bora Akyol (Aug 03)
- RE: mitigating botnet C&Cs has become useless Bora Akyol (Aug 03)
- Re: mitigating botnet C&Cs has become useless Mattias Ahnberg (Aug 03)
- Re: mitigating botnet C&Cs has become useless Simon Waters (Aug 08)