[91548] in North American Network Operators' Group
Re: mitigating botnet C&Cs has become useless
daemon@ATHENA.MIT.EDU (Danny McPherson)
Thu Aug 3 22:56:31 2006
In-Reply-To: <44d27727.32d.7892.84418547@mauigateway.com>
From: Danny McPherson <danny@tcb.net>
Date: Thu, 3 Aug 2006 20:57:09 -0600
To: NANOG <nanog@merit.edu>
On Aug 3, 2006, at 4:22 PM, Scott Weeks wrote:
>
>> But shutting them down, that's like the police arresting
>> all the informants. It doesn't stop the crime, it just
>> eradicates all your easy leads.
>
> What're folk's thoughts on that?
I'm not sure I'd liken shutting C&C infrastructure down to
"arresting the informants". I think that's quite a bad analogy,
actually, as informants are [often] third parties while C&C
infrastructure is used to convey actual execution instructions
- which are very often much more than DoS, as John pointed
out.
-danny