mitigating botnet C&Cs has become useless
Michael Loftis
mloftis at wgops.com
Wed Aug 9 16:02:25 UTC 2006
--On August 8, 2006 4:03:36 PM +0200 Arjan Hulsebos
<arjan.hulsebos at gmail.com> wrote:
>
> On Sat, 5 Aug 2006 17:17:27 -0400 (EDT), Sean Donelan typed:
>
>> Railroads have the railroad police. The Post Office has postal
>> inspectors. Do we want to give ISP security the power to arrest
>> people?
>
> We (ISPs) already do have that power, we can disconnect misbehaving
> subscribers. And in cases like this, we should keep them off the 'net
> until they've cleaned up their PC.
That's a nice idea, except how? How do you prove a user has gotten the
malware off and patched? And further how can they do that without internet
access? Hint, FWIR, it's not legal for us to distribute MS's patches to
our subs.
So how do you propose that? Some customers will fix themselves, some will
just cancel and find an ISP that doesn't care they're spewing spam and worm
traffic all the while complaining about how slow their internet service is.
I'm really seriously interested, and I'm not trying to be a flaming
troll-bait here. This is a *huge* problem. You can turn off a user sure
enough, but how do you know it's OK to let that user back on.
> And besides doing that, we should educate our subs on how to properly
> maintain their PC (installing and keeping up-to-date antivirus
> software, patch the OS on a regular basis, you know the drill).
And how is it our responsibility to educate users? I don't think it
necessarily is. However because noone else is and we're all the ones most
hurt by it we're forced to.
More information about the NANOG
mailing list