Are botnets relevant to NANOG?

Peter Dambier peter at
Fri May 26 14:37:05 UTC 2006

Michael.Dillon at wrote:
> In recent discussions about botnets, some people maintained
> that botnets (and viruses and worms) are really not a relevant
> topic for NANOG discussion and are not something that we
> should be worried about. I think that the CSI and FBI would 
> disagree with that.

Some people need whatever bandwidth they can get for ranting.
Of course routing reports, virus reports and botnet bgp statistics
take away a lot of valuable bandwidth that could otherwise be used
for nagging. On the other hand without Gadi's howling for the
wolves those wolves might be lost species and without the wolves
all the nagging and ranting would make less fun.

> Now NANOG members cannot change OS security, they can't
> change corporate security practices, but they can have 
> an impact on botnets because this is where the nefarious
> activity meets the network.

They can. All you have to do is look for free software and
join the devellopers or the testers or report whatever you
have found out.

When working for Exodus and GLC I have seen I could change
security practices. I was working in London, Munich and
Frankfurt NOCs.

Sorry I did not know about NANOG that time. It would have
made my live a lot more interesting.

> Therefore, I conclude that discussions of botnets do 
> belong on the NANOG list as long as the NANOG list is
> not used as a primary venue for discussing them.

Botnets are networks. We should have the network operators
on the NANOG list. (I am afraid we do already have them :)

> One thing that surveys, such as the CSI/FBI Security
> Survey, cannot do well is to measure the impact of 
> botnet researchers and the people who attempt to shut
> down botnets. It's similar to the fight against terrorism.
> I know that there have been 2 terrorist attacks on
> London since 9/11 but I don't know HOW MANY ATTACKS
> HAVE BEEN THWARTED. At least two have been publicised 
> but there could be dozens more.
> Cleaning up botnets is rather like fighting terrorism.
> At the end, you have nothing to show for it. No news
> coverage, no big heaps of praise. Most people aren't
> sure there was ever a problem to begin with. That doesn't
> mean that the work should stop or that network providers
> should withold their support for cleaning up the
> botnet problem.

Maybe it is high time for a transparent frog. Invisible
for secure systems but as soon as one of the bots tries
to infect it, it will ...

In case you are not Gadi or working for Gadi, feel free
to ignore the tranparent frog. I have never met one :)

Peter and Karin

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP:
mail: peter at
mail: peter at

More information about the NANOG mailing list