mitigating botnet C&Cs has become useless

• Previous message (by thread): mitigating botnet C&Cs has become useless
• Next message (by thread): mitigating botnet C&Cs has become useless
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 8 Aug 2006, Simon Waters wrote:

> However most big residential ISPs must be getting to the point where 10% 
> bandwidth saving would justify buying in third party solutions for 
> containing malware sources. I assume residential ISPs must be worse than

The problem here is that if you build your network "right", ie just IP 
routing and no tunneling, you don't get a natural choke-point on where to 
put any kind of solution like you propose.

When I did the business calculations on DSL solution my math told me it 
cost approx the same (or even cheaper) to just provide internet capacity 
than to offer bitstream/tunneling. The devices involved in the tunneling 
cost more than actually providing global internet bandwidth and not doing 
any tunneling at all. It's also a much cleaner solution with fewer places 
than can break or cause problems. You have a clean 1500 MTU all the way, 
etc. So in all of thise, if the 10% figure is correct then it's cheaper to 
just waste those 10% for the residential ISP than to try to stop it, so 
I'd have to agree with the people in the thread who said that.

It might not be the right thing, but the economics for the residential ISP 
it costs a lot to try to be proactive about these things, especially since 
botnets can send just a little traffic per host and it's hard to even 
detect.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se

• Previous message (by thread): mitigating botnet C&Cs has become useless
• Next message (by thread): mitigating botnet C&Cs has become useless
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]