On another security note... (of sorts)

J. Oquendo sil at infiltrated.net
Thu Jul 15 17:46:24 UTC 2010


<upcoming-getting-old-birthday-ramble>

While on another list (security list that some of you guys are on) there
is a discussion about a particular botnet that the "BP approach" of
containment is occurring. Not a big deal, we've all seen them from time
to time.

I read with interest on how volunteers are scrambling to contain this
botnet. Mind you, most of us work and do this (security tidbits) at the
same time while we work. Many of us do it for self-satisfaction, for
learning, for maybe naively thinking we can help make the net a better
place (INSERT_SAPPY_SONG_THERE). I just can't help but take the 50k
foot view here... Why is it that network operators can't work together
on instances like this and have a "botnet killswitch" framework in
order? Now I know I will see the ramblings of "Why should I waste my
time (spend my money)" or "This is not an operational post take a hike"
and other similar postings; however, this IS related to 'many-a-networks'
that could be avoided.

RFP anyone.. Botnet Mitigation for Networks surely collectively it would
and CAN work. Is it going to take an act of someone 'pwning' everyone's
account here before someone else says: "We should work together" or will
it go in one ear and out the other while misfits run around emptying out
accounts, causing businesses to go under? Some of you guys have the most
amazing minds and have literally been the glue for what we use (the
Internet) and some have been the laziest admins I've seen on the planet.
Surely even a minimal framework to submit "validated" botnet
distribution sites is something everyone can collectively do. Nipping at
the head surely minimizes the overall damage these things are doing.

Now I do know some would come back and state the oft-said "Why bother!
... Dude fast-flux, etc." We know... To those, why respond? How about
solutions from those who are controlling how traffic on the net flows?

</upcoming-getting-old-birthday-ramble>

-- 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT

"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E




