James Hess wrote:
I suspect it would be most useful if "detected drones" by most major IRC network would be visible to cooperating ISPs for further analysis, not just Undernet.
I'd dare to say that most of us major networks hardly see a small percentage of the big botnets around, the miscreants have since a long time back learned to use own C&Cs where the connected IPs of a connected client is hidden from all but themselves. But it certainly would not hurt if there was a good way to report drones to ISPs and actually get some attention to the problem. A bunch of small streams quickly build up to a larger river in the end, I guess. Perhaps a larger issue for the ISPs is what to actually DO with their infected customers. To what extent is the ISP responsible for what their users do and how their computers are setup? I do not have a clear answer to that. Since almost every user is using the web a nice system could be to redirect reported PCs through a proxy the ISP controls where the user can get information about what to do about problems and at the same time still reach the Internet after chosing to click away the information; or something along those lines. -- /ahnberg.