Fwd: cnn.com - Homeland Security seeks cyber counterattack system (Einstein 3.0)

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Oct 6 18:37:44 UTC 2008

On Sun, 05 Oct 2008 18:30:11 BST, n3td3v said:

> You guys are living in cloud cuckoo land. The rogue government
> wouldn't have their bot nets in home computers that you could shut
> down easily.

Which is easier to shut down, an attack coming from a relatively small
number of /16s that belong to the government, or one coming from the
same number of source nodes scattered *all* over Comcast and Verizon
and BT and a few other major providers?

Hint 1: Consider the number of entry points into your network for the two
cases, especially if you are heavily peered with one or more of the source
ISPs.  Consider also the "shoot self in foot" outcome if you decide to
block *all* of Comcast, Verizon, BT and the others....

Hint 2: If botnets in home computers were so easy to shut down, why are
there so many miscreants still using them for nefarious purposes?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20081006/6cb9972b/attachment.sig>

More information about the NANOG mailing list