[74587] in North American Network Operators' Group
Re: short Botnet list and Cashing in on DoS
daemon@ATHENA.MIT.EDU (Gadi Evron)
Thu Oct 7 12:17:07 2004
Date: Thu, 07 Oct 2004 18:19:59 +0200
From: Gadi Evron <ge@linuxbox.org>
To: "Hannigan, Martin" <hannigan@verisign.com>
Cc: nanog@merit.edu
In-Reply-To: <6A8CA21E339F634E96E13AB97D73227503BD53A8@pro1wnexc01.vcorp.ad.vrsn.com>
Errors-To: owner-nanog-outgoing@merit.edu
> Going after the bots is lesser effort. The controllers are
> a priority.
That's not happening.
AV companies are mostly interested in hyping the latest worm or
semi-worm. Drone armies, hundreds of thousands large (no exaggeration)
are just too much of an effort with 1000+ new Trojan horses coming out
every month.
Also, there are virtually no resources directed at this problem except
for a _few_ numbered concerned individuals from various corporate
security teams and a few people who use IRC networks, world-wide.
As long as so many computers are out there for the taking, it is almost
an impossible war.
Maybe it would be possible to check if any users from a location you are
in charge of are connecting to these IPs and sending them an automated
email about their security plus a deal on an AV product (whatever it is
worth for this)?
I doubt many here have the time to even consider such an effort, even
with the deal.
There are easier ways, such as seeing who in said network connects out
with recognized signatures... again, I doubt many would bother.
Spam, viruses, it all revolves around the same problem. The users
en-masse are a serious risk on the macro level. Besides, with so many
drones around and infected machines - who needs a proxy to be anonymous?
Gadi Evron.
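
The check suggested in the message above (find which of your own hosts connect to the listed controller IPs, then queue them for notification), as an added example that is not part of the original post. The flow-record format, the addresses (documentation ranges only) and all function names are assumptions made for illustration.

```python
import csv
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation address ranges only (RFC 5737).
CONTROLLER_IPS = {"192.0.2.10", "192.0.2.77"}           # stand-in for a posted list
LOCAL_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # network you are in charge of

# Constructed flow export; assumed format: time,src,dst,dst_port,proto
SAMPLE_FLOWS = """\
2004-10-07T12:00:01,198.51.100.23,192.0.2.10,6667,tcp
2004-10-07T12:00:04,198.51.100.23,203.0.113.5,80,tcp
2004-10-07T12:01:10,198.51.100.40,192.0.2.77,6667,tcp
2004-10-07T12:01:15,198.51.100.23,192.0.2.10,6667,tcp
2004-10-07T12:02:00,203.0.113.9,192.0.2.10,6667,tcp
garbage line without enough fields
2004-10-07T12:03:30,198.51.100.40,not-an-ip,6667,tcp
""".splitlines()


def find_controller_contacts(lines, controllers=CONTROLLER_IPS, nets=LOCAL_NETS):
    """Return {local_src: {(controller_ip, dst_port): flow_count}}."""
    wanted = {ipaddress.ip_address(c) for c in controllers}
    hits = defaultdict(lambda: defaultdict(int))
    for row in csv.reader(lines):
        if len(row) != 5:
            continue  # skip malformed records rather than abort the run
        _, src, dst, port, _ = row
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # unparseable address or port
        # Report only hosts we are responsible for that talk to a listed controller.
        if dst_ip in wanted and any(src_ip in n for n in nets):
            hits[str(src_ip)][(str(dst_ip), port)] += 1
    return {src: dict(contacts) for src, contacts in hits.items()}


def notification_queue(hits):
    """One entry per local host, busiest first, ready to hand to a mailer."""
    ranked = sorted(hits.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    return [(src, sum(c.values()), sorted({ip for ip, _ in c})) for src, c in ranked]


if __name__ == "__main__":
    for src, flows, ctrls in notification_queue(find_controller_contacts(SAMPLE_FLOWS)):
        print(f"{src}: {flows} flow(s) to listed controller(s) {', '.join(ctrls)}")
```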