mitigating botnet C&Cs has become useless
Danny McPherson
danny at tcb.net
Fri Aug 4 02:57:09 UTC 2006
On Aug 3, 2006, at 4:22 PM, Scott Weeks wrote:
>
>> But shutting them down, that's like the police arresting
>> all the informants. It doesn't stop the crime, it just
>> eradicates all your easy leads.
>
> What're folk's thoughts on that?
I'm not sure I'd liken shutting C&C infrastructure down to
"arresting the informants". I think that's quite a bad analogy,
actually, as informants are [often] third parties while C&C
infrastructure is used to convey actual execution instructions
- which are very often much more than DoS, as John pointed
out.
-danny
More information about the NANOG
mailing list