[91547] in North American Network Operators' Group
Re: mitigating botnet C&Cs has become useless
daemon@ATHENA.MIT.EDU (John Kristoff)
Thu Aug 3 21:23:44 2006
Date: Thu, 3 Aug 2006 20:23:14 -0500
From: John Kristoff <jtk@ultradns.net>
To: nanog@merit.edu
In-Reply-To: <44d27727.32d.7892.84418547@mauigateway.com>
Errors-To: owner-nanog@merit.edu
On Thu, 03 Aug 2006 12:22:31 -1000
"Scott Weeks" <surfer@mauigateway.com> wrote:
> > But shutting them down, that's like the police arresting
> > all the informants. It doesn't stop the crime, it just
> > eradicates all your easy leads.
>
> What're folk's thoughts on that?
Well that's one perspective.
I love the bit about tagging the packets and using QoS (whatever that
means) though, that would be a hoot. Keep in mind bots are not just
for DoS. They spam, they capture keystrokes and mouseclicks, they can
be proxies and so on. If in the name of botnets QoS gets widely
deployed I'll put print out this email, puree it in a blender and
humbly chug it down at a future NANOG.
John
