[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <446C8C2A.3070304@randomvoids.com>
Date: Thu May 18 16:01:42 2006
From: kyle at randomvoids.com (Kyle Lutze)
Subject: blue security folds
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gaddis, Jeremy L. wrote:
> nocfed wrote:
>> And if the ISP's could get their act together then most of the botnets
>> would be no more. This _IS_ something that can be controlled, to an
>> extent. Many of the network administrators need a course in
>> Networking 101 which will greatly assist in tracking down the source
>> of attacks. If botnets are required to use their own IP's then how
>> hard would it really be to track them down and disable them?
>> Disruption of the end users connection and a flag on their account
>> should clean them up, although not 100%. So if you want someone to
>> blame, blame the ISP, blame the hosting service, and blame the end
>> user.
>
> While I agree (mostly), getting the ISPs to do what you suggest will
> never happen. If I, Joe Clueless User, have a bot running on my PC
> spamming half the world, and my ISP notices this and shuts me off, what
> will I do? Assuming I'm like the majority of users and either a) don't
> know, or b) don't care what they're talking about, I'll cancel my
> account and switch to another ISP (that won't shut me off). To do what
> you suggest would be for the greater good of the whole "Internet
> community", but would negatively affect $ISP's bottom line. Since we
> all know they only care about themselves, well, draw your own
> conclusions...
>
> -j
>
> --
> Jeremy L. Gaddis
> GCWN, MCP, Linux+, Network+
> http://www.jeremygaddis.com/
That's not entirely true. I work with shadowserver on shutting botnets
down, and cox HSI is one of the most helpful in shutting down any IPs
that we find on their network that are being used as a C&C or that are
in a botnet. the fastest response time I've gotten from them is 30
seconds to shut one down, longest is 10 minutes.
They don't fully block the account though, instead they lock it so they
can access cox's site, some A/V and adware remove sites, and microsoft's
update site. They then send them an email and a snail mail letter
informing them about what happened to their account and what they have
to do to get it turned back on. Before cox will turn it back on the user
has to call in and then cox will run nmap against their box, and then
use a packet sniffer to see if they are still trying to connect against
an outside network. If they clear that, then and only then are they
allowed back on the internet.
Cox charges a fair bit for their internet, but they do one hell of a
good job keeping their network clean so I've gotta give them props!
worst networks: aol and comcast.
cheers,
Kyle
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2-ecc0.1.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEbIwqVFIipMnXxfYRAlrWAJ49qSHY8bWkdcUUC9ezkCbZE5UQUwCgkQ6B
zfQWOvtYYtVll4DoIUTye3w=
=mv8v
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists