The problem is, you dont know what is behind that probably NATted ip address. Probably you have 3 unix machines running smtp and uucp and a single infected windows box and maybe some VoIPs and ... You kill everything but that single maudit infected windows. The guy who is running the windows box is Dad and he wont come home before the weekend. Oh, you killed the VoIP. Sorry I cannot fone Dad and tell him his pc is infected. You might as well hit a small business with some 50 workstations. Again you hit their VoIP and maybe their VPN so their outsourced system manager cannot dial in and try to repair things. Maybe it would teach them not to get infected but I would not want to be their ISP. Of course we are "only" talking about IRC but which botherder is depending on IRC only? Kind regards Peter and Karin Mattias Ahnberg wrote:
James Hess wrote:
I suspect it would be most useful if "detected drones" by most major IRC network would be visible to cooperating ISPs for further analysis, not just Undernet.
I'd dare to say that most of us major networks hardly see a small percentage of the big botnets around, the miscreants have since a long time back learned to use own C&Cs where the connected IPs of a connected client is hidden from all but themselves.
But it certainly would not hurt if there was a good way to report drones to ISPs and actually get some attention to the problem. A bunch of small streams quickly build up to a larger river in the end, I guess.
Perhaps a larger issue for the ISPs is what to actually DO with their infected customers. To what extent is the ISP responsible for what their users do and how their computers are setup? I do not have a clear answer to that.
Since almost every user is using the web a nice system could be to redirect reported PCs through a proxy the ISP controls where the user can get information about what to do about problems and at the same time still reach the Internet after chosing to click away the information; or something along those lines.
-- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de mail: peter@echnaton.arl.pirates http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/