[94972] in North American Network Operators' Group
Re: botnets: web servers, end-systems and Vint Cerf
daemon@ATHENA.MIT.EDU (Peter Moody)
Fri Feb 16 00:10:07 2007
Date: Thu, 15 Feb 2007 21:03:17 -0800
From: "Peter Moody" <peter.moody@gmail.com>
To: "Gadi Evron" <ge@linuxbox.org>
Cc: Valdis.Kletnieks@vt.edu, "Drew Weaver" <drew.weaver@thenap.com>,
nanog@merit.edu
In-Reply-To: <Pine.LNX.4.21.0702152148370.4861-100000@linuxbox.org>
Errors-To: owner-nanog@merit.edu
> > systems were botted. Just a little while back, Vint Cerf guesstimated that
> > there's 140 million botted end user boxes. Unless 100% of Google's servers
> > are botted, there's no way there's that many botted servers. :)
>
> I kept quiet on this for a while, but honestly, I appreciate Vint Cerf
> mentioning this where he did, and raising awareness among people who can
> potentially help us solve the problem of the Internet.
>
> Still, although I kept quiet for a while, us so-called "botnet
> experts" gotta ask: where does he get his numbers? I would appreciate some
> backing up to these or I'd be forced to call him up on his statement.
>
> My belief is that it is much worse. I am capable of proving only somewhat
> worse. His numbers are still staggering so.. where why when how what? (not
> necessarily in that order).
>
> So, data please Vint/Google.
Dr. Cerf wasn't speaking for Google when he said this, so I'm not sure why
you're looking that direction for answers. But since you ask, his data came
from informal conversations with A/V companies and folks actually in the
trenches of dealing with botnet ddos mitigation. The numbers weren't taken
from any sort of scientific study, and they were in fact mis-quoted (he said
more like 10%-20%).
so you go ahead and call him on it Gadi; you're a "botnet expert" after all.
> > And the fact that web servers are getting botted is just the cycle of
> > reincarnation - it wasn't that long ago that .edu's had a reputation of
> > getting pwned for the exact same reasons that webservers are targets now:
> > easy to attack, and usually lots of bang-for-buck in pipe size and similar.
>
> You mean they aren't now? Do we have any EDU admins around who want to
> tell us how bad it still is, despite attempts at working on this?
>
> Dorms are basically large honey nets. :)
spoken like someone who's not actually spent time cleaning up a resnet.
cleaning up a resnet must look downright impossible when you spend so much
time organizing conferences.
(my opinions != my employer's, etc. etc.)
Cheers,
.peter