[91601] in North American Network Operators' Group


Re: mitigating botnet C&Cs has become useless

daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Tue Aug 8 16:06:18 2006

Date: Tue, 8 Aug 2006 22:05:33 +0200 (CEST)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: nanog@merit.edu
In-Reply-To: <200608081635.27861.simonw@zynet.net>
Errors-To: owner-nanog@merit.edu


On Tue, 8 Aug 2006, Simon Waters wrote:

> However most big residential ISPs must be getting to the point where 10% 
> bandwidth saving would justify buying in third party solutions for 
> containing malware sources. I assume residential ISPs must be worse than

The problem here is that if you build your network "right", i.e. just IP 
routing and no tunneling, you don't get a natural choke-point on where to 
put any kind of solution like you propose.

When I did the business calculations on a DSL solution my math told me it 
cost approx the same (or even cheaper) to just provide internet capacity 
than to offer bitstream/tunneling. The devices involved in the tunneling 
cost more than actually providing global internet bandwidth and not doing 
any tunneling at all. It's also a much cleaner solution with fewer places 
that can break or cause problems. You have a clean 1500 MTU all the way, 
etc. So in all of this, if the 10% figure is correct then it's cheaper to 
just waste those 10% for the residential ISP than to try to stop it, so 
I'd have to agree with the people in the thread who said that.

It might not be the right thing, but given the economics for the residential 
ISP, it costs a lot to try to be proactive about these things, especially 
since botnets can send just a little traffic per host and it's hard to even 
detect.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se
