mitigating botnet C&Cs has become useless

Joseph S D Yao jsdy at center.osis.gov
Wed Aug 9 18:59:32 UTC 2006


On Wed, Aug 02, 2006 at 08:25:40AM +0200, Peter Dambier wrote:
...
> Let me try to become Gadi. First of all block port 80 (http) :)
> Next block port 53 udp (dns).
> 
> Now you have got rid of amplification attacks because spoofing does
> no longer work and you have got rid of all those silly users that
> only know how to click the mouse.
...


I think it was the 1970s when I started telling people that the only
truly secure computer was the one that was unplugged and buried under
two miles of fused stone.  Of course, this conflicts with usability.
And, these days, with the all-worshipped network access.

This level of security is, of course, not the solution.  I trust that
Peter D. was being sarcastic.


On Wed, Aug 02, 2006 at 06:29:55AM +0000, Paul Vixie wrote:
> surfer at mauigateway.com ("Scott Weeks") writes:
> > ... I'm just saying that there has to be a better way than police-type
> > actions on a global scale.  ...
> 
> no, there doesn't have to be such a way.  where the stakes are in meatspace
> (pun unintended), the remediation has to be in meatspace.  cyberspace is
> just a meatspace overlay, it can only pretend to have different laws when
> nothing outside of cyberspace is at stake.  i think that the days when
> botnets were mostly used for kiddie-on-kiddie violence or even gangster-on-
> gangster violence are permanently behind us.  it's up to the real LEOs now,
> because it's on their turf now, which is to say, it's in the real world now.
> 
> as was true of spam when i said this about spam ten years ago, it is true
> now of botnets that the only technical solution is "gated communities".  but
> the internet's culture, which merely mirrors the biases of those who use it,
> requires the ability for children to go door to door selling girl scout
> cookies, without necessarily having the key code to every one of the doors.
> 
> so the internet community has no appetite for the trappings of any technical
> solution to botnets.  the meatspace community and their LEOs absolutely *do*.


I think it was Scott Weeks who pointed out that gated communities are
for the rich, and only push the E-VIL out to the rest of the community,
who then have to board up their windows and cower.

How do we make our world less fearsome?

As Barry Shein and others mentioned, we have to make this kind of action
in general something which people are afraid to do because of its
consequences.  We also want to make it something which people are
reluctant to do, not only because it's unprofitable, but because it's
WRONG.

I may sound like a fogy when I say this [OK, maybe I am one, but so are
most of you that grew up along with me!], but it seems that in general
many folks are worrying less about what is RIGHT and WRONG, but about
what they can get away with, and what society feels permissive about.
That's a general problem.  It can be fixed only by educating folks from
the time they're born (a) to CARE about "right" and "wrong", and (b) to
understand that messing with another's packets is as wrong as messing
with his bank account.

To make it less profitable, we have to make it harder.  That means
making sure that protection on networks is as good as possible.  I am
less adept at elaborating on that than many who have already done so.

To make sure that there are consequences, we need to work with local Law
Enforcement Organizations [for those who didn't know what LEOs were] to
get these folks punished somehow.  If that means that we have to educate
the LEOs and legislatures, then that's what it takes.

Do we need special Internet police?  I would hope not.  But perhaps we
need an educated CyberCrime division of existing LEOs.  This will not
happen tomorrow, and not at all if we don't both push and help.

And why is it up to us to do these things?  Because it's our job.  And
in some cases our vocation.  It may cost us more, or we may volunteer
more time to do some of these things.  But if the ones who know what
they are doing don't do this, then it will cost us all even more.


-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
