nanog mailing list archives
botnets: web servers, end-systems and Vint Cerf
From: Gadi Evron <ge () linuxbox org>
Date: Thu, 15 Feb 2007 21:54:00 -0600 (CST)
On Thu, 15 Feb 2007 Valdis.Kletnieks () vt edu wrote:
> On Thu, 15 Feb 2007 19:02:12 CST, Gadi Evron said:
> > Many of them are SMTP-based only. IP reputation is very limited still.
> > Now, all that said, back on "most are broadband users" - no longer true.
> > Many bots (especially in spam) are now web servers.
>
> I'm willing to bet that most are *still* broadband users. Quite likely,

Oh, safe bet. :)

> even if 100% (yes, *every single last one*) of the "web servers" out there
> were botted, that would likely still be less systems than if only 5% of end-user

But not less spam? :) I seriously doubt more spam is sent from web servers than user systems, but it's changing. Web servers now play a part which we can notice and measure.

> systems were botted. Just a little while back, Vint Cerf guesstimated that
> there's 140 million botted end user boxes. Unless 100% of Google's servers
> are botted, there's no way there's that many botted servers. :)

I kept quiet on this for a while, but honestly, I appreciate Vint Cerf mentioning this where he did, and raising awareness among people who can potentially help us solve the problem of the Internet. Still, although I kept quiet for a while, us so-called "botnet experts" gotta ask: where does he get his numbers? I would appreciate some backing up to these or I'd be forced to call him up on his statement. My belief is that it is much worse. I am capable of proving only somewhat worse. His numbers are still staggering so.. where why when how what? (not necessarily in that order). So, data please Vint/Google.

> And the fact that web servers are getting botted is just the cycle of
> reincarnation - it wasn't that long ago that .edu's had a reputation of
> getting pwned for the exact same reasons that webservers are targets now:
> easy to attack, and usually lots of bang-for-buck in pipe size and similar.

You mean they aren't now? Do we have any EDU admins around who want to tell us how bad it still is, despite attempts at working on this? Dorms are basically large honey nets. :)

Gadi.