nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: mitigating botnet C&Cs has become useless

From: Danny McPherson <danny () tcb net>
Date: Thu, 3 Aug 2006 20:57:09 -0600


On Aug 3, 2006, at 4:22 PM, Scott Weeks wrote:





But shutting them down, that's like the police arresting
all the informants.  It doesn't stop the crime, it just
eradicates all your easy leads.


What're folk's thoughts on that?


I'm not sure I'd liken shutting C&C infrastructure down to
"arresting the informants".  I think that's quite a bad analogy,
actually, as informants are [often] third parties while C&C
infrastructure is used to convey actual execution instructions
- which are very often much more than DoS, as John pointed
out.

-danny
Previous By Date Next
Previous By Thread Next

Current thread: