[116598] in North American Network Operators' Group
Re: Botnet hunting resources (was: Re: DOS in progress ?)
daemon@ATHENA.MIT.EDU (goemon@anime.net)
Mon Aug 10 04:12:55 2009
Date: Mon, 10 Aug 2009 01:11:34 -0700 (PDT)
From: goemon@anime.net
To: Luke S Crawford <lsc@prgmr.com>
In-Reply-To: <m3y6ps6rc4.fsf@luke.xen.prgmr.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, 10 Aug 2009, Luke S Crawford wrote:
> goemon@anime.net writes:
>> On Fri, 8 Aug 2009, Luke S Crawford wrote:
>>> 1. are there people who apply pressure to ISPs to get them to shut down
>>> botnets, like maps did for spam?
>> sadly no.
> ...
>
> Why do you think this might be? Fear of (extralegal) retaliation by
> botnet owners? or fear of getting sued by listed network owners? or is
> the idea (shunning packets from ISPs that host botnets) fundamentally unsound?

such a list would include all of chinanet and france telecom. it would
likely not last long.

what do you do when rogue networks are state owned?

> If someone sufficiently trustworthy produced a BGP feed of networks that
> were unresponsive to abuse complaints, do you think other networks would use
> it to block traffic?

no.

> I mean, ultimately I think that having several providers of such feeds
> with differing levels of aggression would be the best case, but someone
> has got to go first.

consider how much time and effort it took to get intercage shut down and
you'd realize it's pretty much a lost cause.

-Dan