[108487] in North American Network Operators' Group

Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Oct 6 14:37:56 2008

To: n3td3v <xploitable@gmail.com>
In-Reply-To: Your message of "Sun, 05 Oct 2008 18:30:11 BST."
	<4b6ee9310810051030q5bdffe58rc0d3cdb0cd8bbef9@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 06 Oct 2008 14:37:44 -0400
Cc: n3td3v <n3td3v@googlegroups.com>, full-disclosure@lists.grok.org.uk,
	nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

On Sun, 05 Oct 2008 18:30:11 BST, n3td3v said:

> You guys are living in cloud cuckoo land. The rogue government
> wouldn't have their bot nets in home computers that you could shut
> down easily.

Which is easier to shut down, an attack coming from a relatively small
number of /16s that belong to the government, or one coming from the
same number of source nodes scattered *all* over Comcast and Verizon
and BT and a few other major providers?

Hint 1: Consider the number of entry points into your network for the two
cases, especially if you are heavily peered with one or more of the source
ISPs.  Consider also the "shoot self in foot" outcome if you decide to
block *all* of Comcast, Verizon, BT and the others....

Hint 2: If botnets in home computers were so easy to shut down, why are
there so many miscreants still using them for nefarious purposes?

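
Added example, not part of the message above or of the thread: the filtering trade-off behind the two hints, worked in Python from the defender's side. It finds the most specific prefix length at which the covering blocks for a set of attack sources fit a per-router filter budget, then counts how many non-attacking addresses get blocked along with them. The address ranges, the 50-entry budget and all function names are assumptions made for the illustration.

```python
import ipaddress

def plan_within_budget(sources, max_entries):
    """Most specific prefix length whose covering blocks fit the filter budget."""
    addrs = {int(ipaddress.IPv4Address(s)) for s in sources}
    for plen in range(32, -1, -1):          # start at /32, widen until it fits
        shift = 32 - plen
        blocks = {a >> shift for a in addrs}
        if len(blocks) <= max_entries:
            blocked = len(blocks) << shift  # every address the filters drop
            return {
                "prefix_len": plen,
                "entries": len(blocks),
                "addresses_blocked": blocked,
                # addresses dropped that were never seen attacking, per source
                "collateral_per_source": (blocked - len(addrs)) / len(addrs),
                "filters": [str(ipaddress.IPv4Network((b << shift, plen)))
                            for b in sorted(blocks)],
            }
    raise ValueError("max_entries must be at least 1")

def concentrated_sources(n=2000):
    """Constructed sample: n sources packed into three /16s (stand-in ranges)."""
    bases = [int(ipaddress.IPv4Address(b))
             for b in ("10.1.0.0", "10.2.0.0", "10.3.0.0")]
    return [str(ipaddress.IPv4Address(bases[i % 3] + (i // 3) * 97))
            for i in range(n)]

def scattered_sources(n=2000):
    """Constructed sample: n sources spread over a /10 standing in for
    the customer address space of a few large providers."""
    base = int(ipaddress.IPv4Address("100.64.0.0"))
    return [str(ipaddress.IPv4Address(base + i * 2048 + i % 251))
            for i in range(n)]

if __name__ == "__main__":
    BUDGET = 50  # assumed number of filter entries available per entry point
    for name, srcs in (("concentrated", concentrated_sources()),
                       ("scattered", scattered_sources())):
        p = plan_within_budget(srcs, BUDGET)
        print(f"{name:12s} /{p['prefix_len']} x{p['entries']} filters, "
              f"{p['addresses_blocked']} addresses blocked, "
              f"{p['collateral_per_source']:.1f} collateral per source")
```

With the same source count and the same budget, the concentrated case is covered by /20 filters that stay inside the three source /16s, while the scattered case forces /15 filters that drop the entire /10. The same filter set has to be installed at every entry point the traffic can arrive through.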
