mitigating botnet C&Cs has become useless

Danny McPherson danny at tcb.net
Sat Aug 5 20:35:05 UTC 2006



On Aug 4, 2006, at 12:00 AM, bmanning at vacation.karoshi.com wrote:

>
> useless...
>
> 	perhaps.  i'm partly of the mind that botnets, p2p networks, manets,
> and other self-organizing systems are the "wave" of the future (or even the
> present) and the technologies, per se, are not inherently "evil" or even bad.

Well, that clearly depends on your prescription for "self-organizing".
I certainly wouldn't categorize the botnets I'm referring to as self-
organizing, in particular when they're being employed in a _very_
organized manner - most always unbeknownst to each system's
ultimate owner, and more and more often in such a way that allows
a botherder to employ them for an ever-expanding array of
malicious activities.

> 	imho, it is short sighted to try and curtail, mitigate, and eradicate
> these types of technologies - it's kind of like trying to kill off SMTP because
> it only sends spam, FTP because it's only used to distribute PR0N... and HTTP
> because it's only used by paedophiles stalking my daughters on MySpace...
>
> 	better to understand how these things are used and figure out how to
> determine INTENT and then filter on that instead of technological eradication.

Right, hence my point.  By and large, SPs don't have the time or
resources to police the greater Internet, and therefore, they respond
in a very reactive fashion when some malicious activity *that* warrants
action dictates.  Taking out known botnet C&C infrastructure is more
proactive and at least from my perspective, continues to yield a
discernible impact.

It's all about ROI - and anything more than reactionary measures
only moves them further from profitability.  Putting solutions in place
that allow the SPs to recoup costs associated with playing sysadmin
for customers are the only way they'll be able to give dedicated
focus to the problem.

> just my contrarian 0.02 rupias.

I'd expect no less Bill :-)

-danny


