| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu May 18 16:01:42 2006 From: kyle at randomvoids.com (Kyle Lutze) Subject: blue security folds -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gaddis, Jeremy L. wrote: > nocfed wrote: >> And if the ISP's could get their act together then most of the botnets >> would be no more. This _IS_ something that can be controlled, to an >> extent. Many of the network administrators need a course in >> Networking 101 which will greatly assist in tracking down the source >> of attacks. If botnets are required to use their own IP's then how >> hard would it really be to track them down and disable them? >> Disruption of the end users connection and a flag on their account >> should clean them up, although not 100%. So if you want someone to >> blame, blame the ISP, blame the hosting service, and blame the end >> user. > > While I agree (mostly), getting the ISPs to do what you suggest will > never happen. If I, Joe Clueless User, have a bot running on my PC > spamming half the world, and my ISP notices this and shuts me off, what > will I do? Assuming I'm like the majority of users and either a) don't > know, or b) don't care what they're talking about, I'll cancel my > account and switch to another ISP (that won't shut me off). To do what > you suggest would be for the greater good of the whole "Internet > community", but would negatively affect $ISP's bottom line. Since we > all know they only care about themselves, well, draw your own > conclusions... > > -j > > -- > Jeremy L. Gaddis > GCWN, MCP, Linux+, Network+ > http://www.jeremygaddis.com/ That's not entirely true. I work with shadowserver on shutting botnets down, and cox HSI is one of the most helpful in shutting down any IPs that we find on their network that are being used as a C&C or that are in a botnet. the fastest response time I've gotten from them is 30 seconds to shut one down, longest is 10 minutes. They don't fully block the account though, instead they lock it so they can access cox's site, some A/V and adware remove sites, and microsoft's update site. They then send them an email and a snail mail letter informing them about what happened to their account and what they have to do to get it turned back on. Before cox will turn it back on the user has to call in and then cox will run nmap against their box, and then use a packet sniffer to see if they are still trying to connect against an outside network. If they clear that, then and only then are they allowed back on the internet. Cox charges a fair bit for their internet, but they do one hell of a good job keeping their network clean so I've gotta give them props! worst networks: aol and comcast. cheers, Kyle -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2-ecc0.1.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEbIwqVFIipMnXxfYRAlrWAJ49qSHY8bWkdcUUC9ezkCbZE5UQUwCgkQ6B zfQWOvtYYtVll4DoIUTye3w= =mv8v -----END PGP SIGNATURE-----
Powered by blists - more mailing lists