lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu May 18 13:11:05 2006
From: evilrabbi at gmail.com (evilrabbi)
Subject: blue security folds

Actually at the ISP I work for we do monitor for botnet activity. It's
really not that hard to notice them either. You really have to not know
anything or just not care to miss the traffic.  I've cut off more then one
use because of issues like. After cutting them off I'll give them a call and
tell them why, offer proof, explain the proof (ie make them type ipconfig
/all so they can see their mac address because it adds validity in their
eyes), then I refer them to a computer store we also own. Generally they are
happy that we noticed so they can get their machines cleaned up.

On 5/17/06, Gaddis, Jeremy L. <jeremy@...uxwiz.net> wrote:
>
> nocfed wrote:
> > And if the ISP's could get their act together then most of the botnets
> > would be no more.  This _IS_ something that can be controlled, to an
> > extent.  Many of the network administrators need a course in
> > Networking 101 which will greatly assist in tracking down the source
> > of attacks.  If botnets are required to use their own IP's then how
> > hard would it really be to track them down and disable them?
> > Disruption of the end users connection and a flag on their account
> > should clean them up, although not 100%.  So if you want someone to
> > blame, blame the ISP, blame the hosting service, and blame the end
> > user.
>
> While I agree (mostly), getting the ISPs to do what you suggest will
> never happen.  If I, Joe Clueless User, have a bot running on my PC
> spamming half the world, and my ISP notices this and shuts me off, what
> will I do?  Assuming I'm like the majority of users and either a) don't
> know, or b) don't care what they're talking about, I'll cancel my
> account and switch to another ISP (that won't shut me off).  To do what
> you suggest would be for the greater good of the whole "Internet
> community", but would negatively affect $ISP's bottom line.  Since we
> all know they only care about themselves, well, draw your own
> conclusions...
>
> -j
>
> --
> Jeremy L. Gaddis
> GCWN, MCP, Linux+, Network+
> http://www.jeremygaddis.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
-- h0 h0 h0 --
www.nopsled.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060518/38c595ba/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ