Re: mitigating botnet C&Cs has become useless

• Previous message: Simon Waters: "Re: mitigating botnet C&Cs has become useless"
• In reply to: Arjan Hulsebos: "Re: mitigating botnet C&Cs has become useless"
• Next in thread: Michael Loftis: "Re: mitigating botnet C&Cs has become useless"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Tue, 8 Aug 2006, Arjan Hulsebos wrote:
> We (ISPs) already do have that power, we can disconnect misbehaving
> subscribers. And in cases like this, we should keep them off the 'net
> until they've cleaned up their PC.

Botnet C&Cs are not naturally occuring phenomena. Relying only on
defensive security, and not arresting the criminals, will just result
in the criminals becoming bolder and more aggressive.

In most cases ISPs are just taking action against innocent bystanders that
got hit in the cross-fire. Those bystanders aren't the cause. If you let
the criminals continue trying over and over again, you are just training
them to become better shots. Telling your customers they should wear
bullet-proof vests whenever they go outside isn't going to stop snippers.
Arresting the snipper is going to stop the snipper.

• Previous message: Simon Waters: "Re: mitigating botnet C&Cs has become useless"
• In reply to: Arjan Hulsebos: "Re: mitigating botnet C&Cs has become useless"
• Next in thread: Michael Loftis: "Re: mitigating botnet C&Cs has become useless"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]