On Aug 9, 2006, at 4:04 AM, Arjan Hulsebos wrote:
Maybe so, but that argument doesn't buy me more helpdesk folks. The
same holds true for the bandwidth argument, especially now that
bandwidth is dirt cheap.
On the other hand, it shouldn't be too difficult to come up with a
walled garden
Danny McPherson wrote:
As importantly, broadband SPs are trying to move to triple (quad)
play services, how tolerant do you think your average subscriber is
to losing cable television services because their kid downloaded some
malware?
At least one of us would applaud an effort to hold
On Aug 13, 2006, at 8:35 AM, Laurence F. Sheldon, Jr. wrote:
Danny McPherson wrote:
As importantly, broadband SPs are trying to move to triple (quad)
play services, how tolerant do you think your average subscriber is
to losing cable television services because their kid downloaded some
Danny McPherson wrote:
On Aug 13, 2006, at 8:35 AM, Laurence F. Sheldon, Jr. wrote:
Danny McPherson wrote:
As importantly, broadband SPs are trying to move to triple (quad)
play services, how tolerant do you think your average subscriber
is to losing cable television services because
On Sun, 13 Aug 2006, Laurence F. Sheldon, Jr. wrote:
This morning's Omaha Weird Harold has a front-page item about the City
installing free wiffy hotspots around town. It may be time for you to
reconsider the options on the buggy-whip plant.
Any information about how the City plans to solve
Sean Donelan wrote:
On Sun, 13 Aug 2006, Laurence F. Sheldon, Jr. wrote:
This morning's Omaha Weird Harold has a front-page item about the City
installing free wiffy hotspots around town. It may be time for you to
reconsider the options on the buggy-whip plant.
Any information about how
On Tue, 08 Aug 2006 15:10:50 -0700, Rick Wesson wrote:
Last sunday at DEFCON I explained how one consumer ISP cost American
business $29M per month because of the existence of key-logging botnets.
Maybe so, but that argument doesn't buy me more helpdesk folks. The
same holds true for the
--On August 8, 2006 4:03:36 PM +0200 Arjan Hulsebos
[EMAIL PROTECTED] wrote:
On Sat, 5 Aug 2006 17:17:27 -0400 (EDT), Sean Donelan typed:
Railroads have the railroad police. The Post Office has postal
inspectors. Do we want to give ISP security the power to arrest
people?
We (ISPs)
--On August 8, 2006 12:06:42 PM -0400 Sean Donelan [EMAIL PROTECTED] wrote:
On Tue, 8 Aug 2006, Arjan Hulsebos wrote:
We (ISPs) already do have that power, we can disconnect misbehaving
subscribers. And in cases like this, we should keep them off the 'net
until they've cleaned up their PC.
On Wed, 09 Aug 2006 10:10:21 -0600, Michael Loftis wrote:
Yup this is a social problem. Just like there's nothing actually stopping
any of us from beating up a guy on the street, we don't do it because it
isn't legal, doesn't make sense, etc. Some muggers do, the people in
control of the SPAM
Arjan Hulsebos wrote:
The ones who've been mugged don't start mugging other people, infected
PCs will infect other PCs. That's the difference, and that's why an
ISP should do something about that. Although it may be out of fashion,
I'd like to see good netizenship.
SPAM as other types of abuse
On Wed, Aug 02, 2006 at 08:25:40AM +0200, Peter Dambier wrote:
...
Let me try to become Gadi. First of all block port 80 (http) :)
Next block port 53 udp (dns).
Now you have got rid of amplification attacks because spoofing does
no longer work and you have got rid of all those silly users
On Wed, 09 Aug 2006 20:16:44 +0300, Petri Helenius wrote:
Arjan Hulsebos wrote:
The ones who've been mugged don't start mugging other people, infected
PCs will infect other PCs. That's the difference, and that's why an
ISP should do something about that. Although it may be out of fashion,
I'd
On Sat, 5 Aug 2006 17:17:27 -0400 (EDT), Sean Donelan typed:
Railroads have the railroad police. The Post Office has postal
inspectors. Do we want to give ISP security the power to arrest
people?
We (ISPs) already do have that power, we can disconnect misbehaving
subscribers. And in cases
On Tuesday 08 Aug 2006 15:03, you wrote:
And, as usual, security is only costing you money.
To a first approximation 10% of all incoming net traffic is malware/abuse/junk
related, so if you are a residential ISP presumably 10% of outgoing bandwidth
is swallowed up this way.
So there are
On Tue, 8 Aug 2006, Arjan Hulsebos wrote:
We (ISPs) already do have that power, we can disconnect misbehaving
subscribers. And in cases like this, we should keep them off the 'net
until they've cleaned up their PC.
Botnet CCs are not naturally occuring phenomena. Relying only on
defensive
On Tue, 8 Aug 2006, Simon Waters wrote:
However most big residential ISPs must be getting to the point where 10%
bandwidth saving would justify buying in third party solutions for
containing malware sources. I assume residential ISPs must be worse than
The problem here is that if you build
Mikael Abrahamsson wrote:
On Tue, 8 Aug 2006, Simon Waters wrote:
However most big residential ISPs must be getting to the point where
10% bandwidth saving would justify buying in third party solutions for
containing malware sources. I assume residential ISPs must be worse than
[snip]
It
On Tue, 8 Aug 2006, Rick Wesson wrote:
Last sunday at DEFCON I explained how one consumer ISP cost American business
$29M per month because of the existence of key-logging botnets.
you want to talk economics? Its not complicated to show that mitigating
key-logging bots could save American
On Tue, 8 Aug 2006, Rick Wesson wrote:
Last sunday at DEFCON I explained how one consumer ISP cost American business
$29M per month because of the existence of key-logging botnets.
Why did you attribute responsibility for the cost only to the consumer
ISP? How much of the cost should be
Mikael Abrahamsson wrote:
On Tue, 8 Aug 2006, Rick Wesson wrote:
Last sunday at DEFCON I explained how one consumer ISP cost American
business $29M per month because of the existence of key-logging botnets.
you want to talk economics? Its not complicated to show that
mitigating
- Original Message Follows -
From: Sean Donelan [EMAIL PROTECTED]
arrest people for mail fraud. Where are the Internet
inspectors with the authority to arrest people?
Thankfully, they're nowhere around! We need to figure this
out without the creation of such, also.
scott
this isn't fun, comments in line.
Sean Donelan wrote:
On Tue, 8 Aug 2006, Rick Wesson wrote:
Last sunday at DEFCON I explained how one consumer ISP cost American
business $29M per month because of the existence of key-logging botnets.
Why did you attribute responsibility for the cost
On 8/5/06, Sean Donelan [EMAIL PROTECTED] wrote:
Railroads have the railroad police. The Post Office has postal
inspectors. Do we want to give ISP security the power to arrest
people? There are probably some security officers at SPs that
would love to bust some doors down and slap handcuffs
On Tue, 8 Aug 2006, Rick Wesson wrote:
Last sunday at DEFCON I explained how one consumer ISP cost American
business $29M per month because of the existence of key-logging botnets.
Why did you attribute responsibility for the cost only to the consumer ISP?
How much of the cost should be
On Aug 4, 2006, at 12:00 AM, [EMAIL PROTECTED] wrote:
useless...
perhaps. i'm partly of the mind that botnets, p2p networks, manets,
and other self-organizing systems are the wave of the future (or
even the
present) and the technologies, per se, are not inherently evil or
even
On Sat, 5 Aug 2006, Danny McPherson wrote:
Right, hence my point. By and large, SPs don't have the time or
resources to police the greater Internet, and therefore, they respond
in a very reactive fashion when some malicious activity *that* warrants
action dictates. Taking out known botnet
On Aug 5, 2006, at 3:17 PM, Sean Donelan wrote:
Hopefully, by their nature SPs will always be a bit reactive. Unless
I want them to, I don't want SPs messing with my traffic. Its my
right
to connect anything I want, send anything I want, do anything I
want with
my Internet connection.
useless...
perhaps. i'm partly of the mind that botnets, p2p networks, manets,
and other self-organizing systems are the wave of the future (or even the
present) and the technologies, per se, are not inherently evil or even bad.
imho, it is short sighted to try and curtail,
I promised myself I'd never, ever post three comments on the same
topic here, but hey...
What I think would be a good thing would be focusing on ONE miscreant,
some low-hanging fruit for starters. Just one. And shut him/her/it
down, hound him off the face of the earth, get him arrested,
On Jul 30, 2006, at 10:37 AM, Gadi Evron wrote:
The few hundred *new* IRC-based CCs a month (and change), have been
around and static (somewhat) for a while now. At a steady rate of
change which
maintains the status quo, plus a bit of new blood.
In this post I ask the community about
-- Danny McPherson [EMAIL PROTECTED] wrote:
[good stuff elided]
I agree that the root of the problem is the miscreants perpetrating
these crimes, and they need to be prosecuted, but the responsibility
falls far wider than the SPs.
I also accept the references provided by Paul and others, but
IMHO,
This is not a problem we can solve by adding:
a) technology (other than completely dumping the OS(s) that make this
possible)
b) manpower
I think it can be solved by reducing the margins in the miscreant
business line
or ideally having it have negative margins.
I would suggest more
I've got news for you.
To impact the miscreant's bottom-line, then it will take:
A) Technology, and;
B) Manpower
It will also take:
C) Better cooperative efforts.
- ferg
-- Bora Akyol [EMAIL PROTECTED] wrote:
IMHO,
This is not a problem we can solve by adding:
a) technology (other than
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Fergie
Sent: Thursday, August 03, 2006 3:54 PM
To: Bora Akyol
Cc: nanog@merit.edu
Subject: RE: mitigating botnet CCs has become useless
I've got news for you.
To impact the miscreant's bottom-line, then it will take
.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Fergie
Sent: Thursday, August 03, 2006 3:54 PM
To: Bora Akyol
Cc: nanog@merit.edu
Subject: RE: mitigating botnet CCs has become useless
I've got news for you.
To impact the miscreant's bottom
down this rathole any farther.
Regards,
-Original Message-
From: Fergie [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 03, 2006 4:14 PM
To: Bora Akyol
Cc: nanog@merit.edu
Subject: RE: mitigating botnet CCs has become useless
I really didn't intend for this discussion to run
On Thu, 03 Aug 2006 12:22:31 -1000
Scott Weeks [EMAIL PROTECTED] wrote:
But shutting them down, that's like the police arresting
all the informants. It doesn't stop the crime, it just
eradicates all your easy leads.
What're folk's thoughts on that?
Well that's one perspective.
I
On Aug 3, 2006, at 4:22 PM, Scott Weeks wrote:
But shutting them down, that's like the police arresting
all the informants. It doesn't stop the crime, it just
eradicates all your easy leads.
What're folk's thoughts on that?
I'm not sure I'd liken shutting CC infrastructure down to
Bora Akyol wrote:
What I am saying is that throwing more technology (boxes, appliances
etc) and more manpower at the problem within the NSP,ISP, and ASP boxes
of the network block diagram is NOT going to solve the problem. I am not
saying, stop what you are doing, all I am saying is that, it
Barry Shein wrote:
On August 1, 2006 at 11:50 [EMAIL PROTECTED] (Scott Weeks) wrote:
...
there has to be a technical way to do this, rather
than a diplomatic way as the diplomatic ways historically
have not worked in the other areas mentioned, so they
probably won't work here,
[EMAIL PROTECTED] (Scott Weeks) writes:
... I'm just saying that there has to be a better way than police-type
actions on a global scale. ...
no, there doesn't have to be such a way. where the stakes are in meatspace
(pun unintended), the remediation has to be in meatspace. cyberspace is
done now in meatspace for protection
against the vile dweebs. Lotsa protection where the money
is and badlands where it isn't.
scott
- Original Message Follows -
From: Paul Vixie [EMAIL PROTECTED]
To: nanog@merit.edu
Subject: Re: mitigating botnet CCs has become useless
Date: 02 Aug 2006
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Paul Vixie
Sent: Wednesday, August 02, 2006 2:30 AM
To: nanog@merit.edu
Subject: Re: mitigating botnet CCs has become useless
[EMAIL PROTECTED] (Scott Weeks) writes:
... I'm just saying
Jamie Bowden [EMAIL PROTECTED] wrote:
[snip]
I'd just like to point out Paul, that while we may rely on police to
handle crimes in the real world, we still lock our doors.
Jamie Bowden
Indeed.
And good neighbors usually alert the police when someone is
breaking into their neighbor's house --
On August 2, 2006 at 07:54 [EMAIL PROTECTED] (Jamie Bowden) wrote:
I'd just like to point out Paul, that while we may rely on police to
handle crimes in the real world, we still lock our doors.
And, in most neighborhoods, feel reasonably safe with locked doors and
glass windows
What? That's what I'm trying to find out, but I'm not as
smart as most, so I can only point out the things that I
believe definitely won't work and why I think that.
Hopefully by the application of flame to my butt by smart
people for saying what I do will spark some thought toward
-- Barry Greene (bgreene) [EMAIL PROTECTED] wrote:
What? That's what I'm trying to find out, but I'm not as
smart as most, so I can only point out the things that I
believe definitely won't work and why I think that.
Hopefully by the application of flame to my butt by smart
people
On July 31, 2006 at 08:51 [EMAIL PROTECTED] (Scott Weeks) wrote:
That's all fine and dandy until you consider the
international base of these things. I'd like to see
...jackbooted [US is implied in the text] government
thugs...kicking in a door somewhere and confiscating every
[EMAIL PROTECTED] (Scott Weeks) writes:
From: Paul Vixie [EMAIL PROTECTED]
http://fm.vix.com/internet/security/superbugs.html
... I'd like to see ...jackbooted [US is implied in the text]
government thugs...kicking in a door somewhere ...
i apologize for writing so sloppily that you
Paul Vixie wrote:
[EMAIL PROTECTED] (Scott Weeks) writes:
From: Paul Vixie [EMAIL PROTECTED]
http://fm.vix.com/internet/security/superbugs.html
... I'd like to see ...jackbooted [US is implied in the text]
government thugs...kicking in a door somewhere ...
Paul, it is people like you
- Original Message Follows -
From: Barry Shein [EMAIL PROTECTED]
That's all fine and dandy until you consider the
international base of these things. I'd like to see
a meeting at the Massachussets state house probably around
1998 and being shouted down by this reasoning for a
On August 1, 2006 at 11:50 [EMAIL PROTECTED] (Scott Weeks) wrote:
...
there has to be a technical way to do this, rather
than a diplomatic way as the diplomatic ways historically
have not worked in the other areas mentioned, so they
probably won't work here, either. Or we have to
- Original Message Follows -
From: Barry Shein [EMAIL PROTECTED]
On August 1, 2006 at 11:50 [EMAIL PROTECTED] (Scott
Weeks) wrote:
...
there has to be a technical way to do this, rather
than a diplomatic way as the diplomatic ways
historically have not worked in the other
-- Scott Weeks [EMAIL PROTECTED] wrote:
[snip]
Yes, you're correct. I didn't mean to say the things you
mentioned haven't worked at all. I'm just saying that there
has to be a better way than police-type actions on a global
scale. Also, I'm sure many more smart people will work on
it for
- Original Message Follows -
From: Fergie [EMAIL PROTECTED]
mentioned haven't worked at all. I'm just saying that
there has to be a better way than police-type actions on
a global scale. Also, I'm sure many more smart people
Personally, I think there is wiggle-room between what
On Mon, 31 Jul 2006, Dean Anderson wrote:
You are approaching the problem the wrong way. Many failover systems
work very well when the primary fails entirely--when the salesman pulls
the plug. Few work well when the primary doesn't entirely fail, but
just doesn't work correctly, as is
On Mon, 31 Jul 2006 12:30:48 CDT, Gadi Evron said:
On Mon, 31 Jul 2006, Dean Anderson wrote:
You are approaching the problem the wrong way. Many failover systems
work very well when the primary fails entirely--when the salesman pulls
the plug. Few work well when the primary doesn't
[EMAIL PROTECTED] (Gadi Evron) writes:
The subject line why mitigating botnet CCs has become useless is
misleading. It has been useless for a long time, but ...
Today it has become (close to) completely useless. ...
i wish that the value of this activity were zero. instead, it's negative
- Original Message Follows -
From: Paul Vixie [EMAIL PROTECTED]
Today it has become (close to) completely useless. ...
i wish that the value of this activity were zero. instead
, it's negative. see
http://fm.vix.com/internet/security/superbugs.html
for details. --
That's all
and test my conclusions and numbers against your
findings.
The subject line why mitigating botnet CCs has become useless is
misleading. It has been useless for a long time, but someone
had to hold back the tide, which several online mitigation communities
have been doing.
Today it has become (close
The really interesting question is when botnets are going to use
p2p-technologies since one wouldn't know how to stop them then.
Please let that never happen
On Sun, 30 Jul 2006, Gunther Stammwitz wrote:
The really interesting question is when botnets are going to use
p2p-technologies since one wouldn't know how to stop them then.
Please let that never happen
I am not sayin gyou are wrong, or that dynamic channels won't happen far
more
63 matches
Mail list logo