[91629] in North American Network Operators' Group
Re: mitigating botnet C&Cs has become useless
daemon@ATHENA.MIT.EDU (Michael Loftis)
Wed Aug 9 12:12:03 2006
Date: Wed, 09 Aug 2006 10:10:21 -0600
From: Michael Loftis <mloftis@wgops.com>
To: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.GSO.4.64.0608081125530.26030@clifden.donelan.com>
X-MailScanner-From: mloftis@wgops.com
Errors-To: owner-nanog@merit.edu
--On August 8, 2006 12:06:42 PM -0400 Sean Donelan <sean@donelan.com> wrote:
>
> On Tue, 8 Aug 2006, Arjan Hulsebos wrote:
>> We (ISPs) already do have that power, we can disconnect misbehaving
>> subscribers. And in cases like this, we should keep them off the 'net
>> until they've cleaned up their PC.
>
> Botnet C&Cs are not naturally occuring phenomena. Relying only on
> defensive security, and not arresting the criminals, will just result
> in the criminals becoming bolder and more aggressive.
>
> In most cases ISPs are just taking action against innocent bystanders
> that got hit in the cross-fire. Those bystanders aren't the cause. If you
> let the criminals continue trying over and over again, you are just
> training them to become better shots. Telling your customers they should
> wear
> bullet-proof vests whenever they go outside isn't going to stop snippers.
> Arresting the snipper is going to stop the snipper.
Yup this is a social problem. Just like there's nothing actually stopping
any of us from beating up a guy on the street, we don't do it because it
isn't legal, doesn't make sense, etc. Some muggers do, the people in
control of the SPAM problem are the muggers....the people with infected
systems are just the ones who've been mugged.
