mitigating botnet C&Cs has become useless
Bora Akyol
bora at broadcom.com
Thu Aug 3 23:22:47 UTC 2006
I am not being a discounting the efforts of many people that are on this
list and I personally know or worked with.
What I am saying is that throwing more technology (boxes, appliances
etc) and more manpower at the problem within the NSP,ISP, and ASP boxes
of the network block diagram is NOT going to solve the problem. I am not
saying, stop what you are doing, all I am saying is that, it is TIME to
look at the overall approach that we have taken fighting this war.
It is also NOT passing the buck, it is stating a point. You have to plug
the holes that allow these people to take over PCs at almost zero cost.
If it took them 6 months to discover one hole and 3-6 months to write an
exploit for it, I think you would find that these guys would go find
another line of profitable business.
I will now let everyone get back to their regularly scheduled
programming as I also don't want to go down this rathole any farther.
Regards,
> -----Original Message-----
> From: Fergie [mailto:fergdawg at netzero.net]
> Sent: Thursday, August 03, 2006 4:14 PM
> To: Bora Akyol
> Cc: nanog at merit.edu
> Subject: RE: mitigating botnet C&Cs has become useless
>
> I really didn't intend for this discussion to run down a
> rat-hole like this, but there it is.
>
> If you're going to pass-the-buck on this to (OS flaws) or
> that (stupid user tricks), then there are bigger problem than
> I thought.
>
> Regardless of existing flaws, user idiosyncracies, etc., we
> still have to mitigate _all_ emerging threats. Period.
>
> Your customers, and mine, expect nothing less.
>
> If you think that it's not worth your time, then continue to
> ignore it, but at least leave the rest of us to deal with the
> carnage without being a nayayer poo-poo'ing efforts to the contrary.
>
> - ferg
More information about the NANOG
mailing list