mitigating botnet C&Cs has become useless

Bora Akyol bora at broadcom.com
Thu Aug 3 23:04:05 UTC 2006


I see you are an optimist.

As much as I like to build more technology, in this case neither more
technology, nor more manpower devoted to service providers and
networking is going to fix this problem.

There is a real good analogy to this going on in Santa Clara county (SF
Bay Area) where West Nile virus is a real threat. Initially the county
tried to spray and in general kill the mosquitos. 

Well, it turns out that this did not work, they got more. Then, they
started doing aerial surveys of the area and going to every single water
body that seemed to contain stagnant water. And they made it impractical
for mosquitos to breed. Then they sprayed, and now it turns out that the
mosquitos are slowly disappearing.

Coming back to our topic at hand, first you have to get rid of the buggy
code/OS that is running out there. At the same time, you put in the law
enforcement (must be able to span across countries) controls to punish
the people that get caught.

Then, I think you can kill off what's left.

Just throwing more network engineers and more gear will not get you
where you want to go IMHO. It would make quite a few companies a lot of
money though.


> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On 
> Behalf Of Fergie
> Sent: Thursday, August 03, 2006 3:54 PM
> To: Bora Akyol
> Cc: nanog at merit.edu
> Subject: RE: mitigating botnet C&Cs has become useless
> 
> 
> I've got news for you.
> 
> To impact the miscreant's bottom-line, then it will take:
> 
> A) Technology, and;
> B) Manpower
> 
> It will also take:
> 
> C) Better cooperative efforts.
> 
> - ferg
> 
> 
> 
> -- "Bora Akyol" <bora at broadcom.com> wrote:
> 
> IMHO,
> 
> This is not a problem we can solve by adding:
> 
> a) technology (other than completely dumping the OS(s) that make this
> possible)
> b) manpower 
> 
> I think it can be solved by reducing the margins in the 
> miscreant business line or ideally having it have negative margins.
> 
> > I would suggest more specific attention by service providers 
> > specifically, and everyone in general, perhaps with more "abuse 
> > services" -related tracks at meetings like NANOG. :-)
> > 
> > Or something along those lines...
> <snip>
> 
> I think better to focus on the economics of the business as 
> part of the abuse track.
> 
> 
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet  
> fergdawg(at)netzero.net  ferg's tech blog: 
> http://fergdawg.blogspot.com/
> 
> 
> 




More information about the NANOG mailing list