short Botnet list and Cashing in on DoS

J. Oquendo sil at
Sat Oct 9 04:43:07 UTC 2004

>> Most ISPs truly don't want this as their own problem. I personally
>> don't blame them. Luckily the ISP I work for has no home users.

Most ISPs wouldn't have to deal with this problem if corporations took
the time to release better products. I was faced with the question of
"What do you do for infected clients?" What can an ISP do? Most of the
time ISPs become the de facto MS technical support team and it is rather
unfair and costly to have technical support staff on the phone constantly
putting out MS' fires. They are left with the prospect of losing clients
when the client is told "It's an MS problem you have to contact MS", yet
they've called MS and spoken with someone likely in another country who has
no clue, called Dell and spoken with yet another clueless person, and all
they wanted to do was surf the net. What do you tell a client when they
start stating "Well then I want to cancel my service" because they don't
understand, and won't care to since they're frustrated? Sure take a hit
with one client cancelling an account, what happens when it grows?

As for the prior responses of "You will get DoS'ed" this I am aware of.
Problems that concerned me were more of the tracking issues, coupled with
the fact that there would be no guarantee that admins would do anything
about it. Take the case of that one Californian who hijacked a /16 a while
back I believe from a county over there. Admins like this are liable to
sit back and do nothing since along the line someone is going to be paying
money for the traffic. It is rather sad, and worse when you contact their
upstream and they too do little. Consider (and I will keep mentioning them
since it bugs me) EV1, Everybody's Internet. Not only do they host
some botnets, malware spewing servers, spam relays, terrorist-related
sites, their excuse is "Well we don't know who we rent to".

Now I know laws are being worked in along the way, but if you own a home
and rent it out, then it gets subletted, then re-sub'ed, let's say fifty
transactions occurred, you own the home. If someone down the line is
running drugs out of the apartment your house is gone.

Yes there is little that can be done right now, but yet there ARE
things that CAN BE DONE. I'm one that is skeptical about laws since laws
abroad would mean nothing here and vice versa, but where are things
headed? Spend more on infrastructure to support these issues when you
shouldn't have to or buy bigger equipment to handle filtering when you
shouldn't have to. I say nip it in the bud, if you're an upstream provider
and you see some of these issues, three strikes shut these things down, or
nullroute them, don't just sit twiddling your thumbs "Oh but that won't
help your idea is silly because foo_x reason." Have something better in
mind? Propose it. I'm sure some of these networks that are getting DoS'ed
out of existence would love to hear them. Hell some might even pay you to
implement them.

J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D

sil @ politrix . org
sil @ infiltrated . net

"How can we account for our present situation unless we
believe that men high in this government are concerting
to deliver us to disaster?" Joseph McCarthy "America's
Retreat from Victory"
