Re: Avalanche botnet takedown
--- rfg@tristatelogic.com wrote:
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>

The Internet, viewed as an organism, quite clearly has, at present, numerous autoimmune diseases. It is attacking itself. And its immune system, such as it is, clearly ain't working. There's going to come a day of reckoning when it will no longer be possible to paper over this sad and self-evident fact. (And no, I'm *not* talking about the fabled "Digital Pearl Harbor". I'm talking instead about the Internet equivalent of the meteor that wiped out the dinosaurs.)

---------------------------------------------------

What is your suggestion to keep the sky from falling?

scott
We need a cost effective and performant way of blocking botnet traffic in SP networks. Fact is the only way to enforce network policy is from within the network. Laws, putting the onus on users, notifying infected users, etc. will never work. We can't expect to solve them all, but at least make it more difficult by a large margin to run these things. For example blacklisting domains where spam is coming from doesn't stop the problem, but it does help in a big way.

Over 800k domains, but I bet they were not using nearly that many IPs. It would be nice to take info from various honeypots about CNC servers and just blackhole those IPs in one way or another very quickly. I don't want to suggest a method of doing this, just as an idea to play around with.

-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Scott Weeks
Sent: Thursday, December 1, 2016 1:45 PM
To: nanog@nanog.org
Subject: Re: Avalanche botnet takedown

--- rfg@tristatelogic.com wrote:
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>

The Internet, viewed as an organism, quite clearly has, at present, numerous autoimmune diseases. It is attacking itself. And its immune system, such as it is, clearly ain't working. There's going to come a day of reckoning when it will no longer be possible to paper over this sad and self-evident fact. (And no, I'm *not* talking about the fabled "Digital Pearl Harbor". I'm talking instead about the Internet equivalent of the meteor that wiped out the dinosaurs.)

---------------------------------------------------

What is your suggestion to keep the sky from falling?

scott
In message <20161201124527.9BE453FD@m0087798.ppops.net>, surfer@mauigateway.com wrote:
What is your suggestion to keep the sky from falling?
My full answer, if fully elaborated, would bore you and everybody else to tears, so I'll try to give you an abbreviated version. It seems to me that it comes down to three things... acceptance, leadership, and new thinking.

Acceptance

We, the people of this planet, including end users, small ISPs, big ISPs, Tier-1 providers, ICANN, and all of the dangling tentacles that derive their authority and power therefrom, law enforcement globally, and judicial systems globally, have to begin by accepting the undeniable reality that traditional law enforcement and judicial processes have already been utterly overwhelmed by the new phenomenon of international cybercrime, *and*, more importantly, that they always will be.

If a teenager can hack your bank account in ten minutes, but it takes three years to bring him to trial, after which he gets a slap on the wrist and probation... well... any idiot can see that this is an ongoing recipe for disaster on a grand scale.

(And in a way, announcements like the one today about a small handful of Internet criminals being busted are actually a bad thing, because they only serve to perpetuate this comforting but incredibly incorrect mass delusion that traditional law enforcement has the new world of cyberspace well in hand. They don't, and never will. And in fact they are just falling further and further behind with each passing year.)

Leadership

This has to come from the folks at the top of the food chain, the Tier-1 providers, and sadly, they have become like the banks... everybody hates them, but we all know that we can't live without them, and they are free to make money hand over fist while showing no signs of accountability whatsoever.

(And don't kid yourself that there is anything even remotely like independence in any of the bits and pieces, starting from ICANN on down, that currently pass for what is laughingly called "Internet Governance".
All of these structures take their cue, and their marching orders, from the Internet industry, and the industry, such as it is, can't change a damn thing without buy-in from the Tier-1 providers.)

Unfortunately, in this just-past election, one party's Presidential candidate was criticized for being "too close to the banks", in particular, Goldman Sachs, and the other one has just selected a former Goldman Sachs banker pal of his to run the treasury department in the new administration. This shows that without a massive sea change in the level of anger among the general populace, nothing will change, ever. And so it is also with the Internet industry. End users and consumers need to wake up and start actively demanding that the industry grow up, grow a pair, and stop just sitting idly by while the current ongoing hacking free-for-all claims new victims every goddamn day. When and if that ever happens, perhaps one or more CEOs of Tier-1 providers will finally wake up, smell the coffee, and understand that over a time horizon longer than this coming quarter, they need to start showing some leadership, and help guide the whole industry towards a better and safer future.

New Thinking

Even military men have, for some time now, been calling cyberspace "a new domain of battle, like air, land, sea, and space". Why then do our law enforcement and judicial systems, worldwide, fail to also and likewise accept and begin to deal with this new reality?

Everywhere on earth, law enforcement, judicial systems, and governments are, by and large, still trying to pretend that cybercrime is strictly a local matter. It isn't, and hasn't been, for about 30 years now.

Internationalized legal structures are hard to assemble, but they are not hardly without precedent. Why should there not be an international Internet equivalent of the "Law of the Sea"?
It is quite common for cybercrimes to cross national borders, and yet I personally have so far never heard of a single instance in which any cybercriminal has been brought before the International Criminal Court in the Hague to stand trial. Why not? Russia and China may (and indeed do) seem to have more than a little reluctance to allow extradition of their cybercriminals to the U.S. to stand trial. OK then. What will be their excuse if we instead say that such defendants should be rendered unto, and be brought before the bar in The Hague?

Are ISPs, by and large, so absolutely desperate for new clients that they absolutely and positively MUST sell connectivity to any homo sapien who can successfully fog a mirror?

If I go to my local cable TV provider and I ask them to give me new service, but also tell them that I *do not* want to first give them a big fat "security deposit", they will say "Ok. No problem. Just give us a minute while we check your credit rating." If that comes back green, then they give me service... no big deposit required. On the other hand if it comes back orange or red, then I have to pony up a big deposit... which, depending on my behavior, I might not ever get back... before they will sell me service.

Contrast this to Internet service. If you reach out and hack my router, and if I am on the ball, I can and will report you to your (current) ISP, giving the exact date and time of the incident and your IP address. In the rare circumstance where (a) this is not your first offense while on your current ISP and also (b) your ISP is below-average greedy and (c) your ISP is below-average incompetent and (d) your current ISP is below-average irresponsible, then you -may-... I stress -may-... actually lose your current connectivity. But even in that very rare case, of course, you can just waltz down the street, the same day, to the next convenient ISP and start all over again, barely missing a beat.
So, when is this industry going to grow up, realize that creative individuals, given a single DHCP connection, even perhaps one with relatively low bandwidth, can get on and cause $tens of millions of dollars worth of either theft or damage? When is the industry going to start admitting to itself that individual end-lusers can be dangerous, sometimes even to the tune of $tens of millions of dollars? In short, when is this industry going to start vetting people, at least a little bit, before giving out connectivity to any Tom, Dick, or Harry who shows up on the doorstep with five dollars burning a hole in his pocket?

Where is the equivalent of the "credit rating" for Internet users? If I'm running a mom-n-pop ISP, where do I go if I want to find out whether or not this unsavory-looking individual who slept in my doorway last night is or isn't a guy who has already been tossed off his prior two ISPs for gross misbehavior? Maybe it's time for the industry to create a registry of such people.

(And don't hand me all of that bleeding heart crap about personal privacy, government surveillance, etc. etc. etc. You'll only serve to make it evident to all that you're in the same camp with the wacko Second Amendment wingnuts and/or the equally wacko Ayn Rand extremist devotees. Time to grow up and realize that if you want to participate in, and obtain benefit from, a civilized society, then society has a fair right to ask you to give up a little bit of something in return. That's the bargain. Take it or leave it. If you don't like it, then get the flock off the Internet and go live in a cave someplace. And don't let the door hit you in the ass on your way out. You will not be missed. And besides all of that, you're probably carrying around five credit cards in your wallet as we speak. So it's more than a little disingenuous for you to whine about personal privacy as you are checking your credit score five times a day.)
Believe it or not, -that- is the -short- version of my solution to the Internet's problem(s).

Regards,
rfg
participants (3)
- Ronald F. Guilmette
- Scott Weeks
- Steve Mikulasik