I really didn't intend for this discussion to run down a rat-hole like this, but there it is.
If you're going to pass-the-buck on this to (OS flaws) or that (stupid user tricks), then there are bigger problems than I thought.
Regardless of existing flaws, user idiosyncrasies, etc., we still have to mitigate _all_ emerging threats. Period.
Your customers, and mine, expect nothing less.
If you think that it's not worth your time, then continue to ignore it, but at least leave the rest of us to deal with the carnage without being a naysayer poo-poo'ing efforts to the contrary.
- ferg
-- "Bora Akyol" <bora@broadcom.com> wrote:
I see you are an optimist.
As much as I like to build more technology, in this case neither more technology, nor more manpower devoted to service providers and networking is going to fix this problem.
There is a real good analogy to this going on in Santa Clara county (SF Bay Area) where West Nile virus is a real threat. Initially the county tried to spray and in general kill the mosquitos. Well, it turns out that this did not work, they got more. Then, they started doing aerial surveys of the area and going to every single water body that seemed to contain stagnant water. And they made it impractical for mosquitos to breed. Then they sprayed, and now it turns out that the mosquitos are slowly disappearing.
Coming back to our topic at hand, first you have to get rid of the buggy code/OS that is running out there. At the same time, you put in the law enforcement (must be able to span across countries) controls to punish the people that get caught. Then, I think you can kill off what's left.
Just throwing more network engineers and more gear will not get you where you want to go IMHO. It would make quite a few companies a lot of money though.
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Fergie
Sent: Thursday, August 03, 2006 3:54 PM
To: Bora Akyol
Cc: nanog@merit.edu
Subject: RE: mitigating botnet C&Cs has become useless
I've got news for you.
To impact the miscreant's bottom-line, then it will take:
A) Technology, and;
B) Manpower
It will also take:
C) Better cooperative efforts.
- ferg
-- "Bora Akyol" <bora@broadcom.com> wrote:
IMHO,
This is not a problem we can solve by adding:
a) technology (other than completely dumping the OS(s) that make this possible)
b) manpower
I think it can be solved by reducing the margins in the miscreant business line or ideally having it have negative margins.
I would suggest more specific attention by service providers specifically, and everyone in general, perhaps with more "abuse services" -related tracks at meetings like NANOG. :-)
Or something along those lines... <snip>
I think better to focus on the economics of the business as part of the abuse track.
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
I am not discounting the efforts of many people that are on this list and I personally know or worked with.
What I am saying is that throwing more technology (boxes, appliances etc) and more manpower at the problem within the NSP, ISP, and ASP boxes of the network block diagram is NOT going to solve the problem. I am not saying, stop what you are doing, all I am saying is that, it is TIME to look at the overall approach that we have taken fighting this war.
It is also NOT passing the buck, it is stating a point. You have to plug the holes that allow these people to take over PCs at almost zero cost. If it took them 6 months to discover one hole and 3-6 months to write an exploit for it, I think you would find that these guys would go find another line of profitable business.
I will now let everyone get back to their regularly scheduled programming as I also don't want to go down this rathole any farther.
Regards,
-----Original Message-----
From: Fergie [mailto:fergdawg@netzero.net]
Sent: Thursday, August 03, 2006 4:14 PM
To: Bora Akyol
Cc: nanog@merit.edu
Subject: RE: mitigating botnet C&Cs has become useless
I really didn't intend for this discussion to run down a rat-hole like this, but there it is.
If you're going to pass-the-buck on this to (OS flaws) or that (stupid user tricks), then there are bigger problems than I thought.
Regardless of existing flaws, user idiosyncrasies, etc., we still have to mitigate _all_ emerging threats. Period.
Your customers, and mine, expect nothing less.
If you think that it's not worth your time, then continue to ignore it, but at least leave the rest of us to deal with the carnage without being a naysayer poo-poo'ing efforts to the contrary.
- ferg
Bora Akyol wrote:
What I am saying is that throwing more technology (boxes, appliances etc) and more manpower at the problem within the NSP, ISP, and ASP boxes of the network block diagram is NOT going to solve the problem. I am not saying, stop what you are doing, all I am saying is that, it is TIME to look at the overall approach that we have taken fighting this war.
You speak of not stopping, but still not adding more technology, more manpower and whatnot to the problem. Sometimes standing still while everything else around you moves is pretty much the same as stopping.
While I agree that the current process of hunting botnets, disabling their C&Cs and such is the BEST way of eventually trying to smother the big problem we should probably consider the alternative. What would things be like if we HADN'T done what we are doing? And what would happen if we stepped on the brake now?
Worth thinking about that too.
--
/ahnberg.
Participants (3): Bora Akyol, Fergie, Mattias Ahnberg