To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
There is a bigger German ISP, which is developing a solution around the nepenthes medium-interaction honeypot <http://nepenthes.mwcollect.org/> to automatically isolate infected customer accounts. Cheers, Georg Wicherski Aryeh Goretsky wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > Hello, > > When I was working at a VoIP hardware manufacturer, one of the things I > noticed > was that none of the consumer broadband providers seemed to honor QoS on their > networks for SIP. > > I am not sure if it is better to reduce the priority of transmitting > a customer's > packets versus placing them in a walled garden where they can get OS > and security > patches and every other request is routed to page stating their connection has > been limited due to unusual activity (along with instructions about > how to check > their operating system for updates, how to contact tech support for > assistance, > and so forth). > > ISPs don't have to call customers, they can use the walled garden approach on > http and ftp traffic and send the customer an email notifying them why their > account has been suspended. Some ISPs may even look at this as an opportunity > to sell a managed security service to their customers. > > At least one major ISP is planning quarantining suspect customers: British > Telecom is planning on using a gateway device from StreamShield Networks to > block spambots, according to this article: > > http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=infrastructure&articleId=9004134&taxonomyId=145 > > It will be interesting to see how accurate the system is over time. > > Regards > > Aryeh Goretsky > > > > At 10:00 AM 10/16/2006, you wrote: > >> Message: 1 >> Date: Mon, 16 Oct 2006 06:45:50 -0500 (CDT) >> From: Gadi Evron <[EMAIL PROTECTED]> >> Subject: [botnets] QoS and bot traffic >> To: [email protected] >> Message-ID: <[EMAIL PROTECTED]> >> Content-Type: TEXT/PLAIN; charset=US-ASCII >> >> I am starting a discussion in the relevant groups on this subject, to try >> and come up with some suggestions and TO-DO items we can follow up on, or >> maybe even better - find another solution. >> >> Networks require a means by which they can control their botnet >> population. Yes, "curing" the problem is great, but it won't happen in the >> near future. >> >> Obviously, having ISP's call even one customer to remove infections >> doesn't work (costs significantly more than the subscription fee per >> attempt) and people just get re-infected. >> >> I am looking to utilize proven technology to be able to reduce the cost of >> what a botnet can do. >> >> If botnet traffic is detected, even by not very sophisticated technologies >> such as simply checking for email sent from dynamic ranges or netflow >> data, it should be possible to use routing technology to "mitigate". >> >> QoS can limit the traffic these bots can utilize much like it would P2P >> users in most ISP's today. These users are already of limited traffic due >> to the effects of the bot. >> >> How can this be done using today's technology? Does it require re-design >> of hardware or new systems to be designed? I hope to find out and get a >> proposal ready, >> >> Gadi. > > _______________________________________________ > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > All list and server information are public and available to law enforcement > upon request. > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFNKbm572kPpbmFdARAvTeAJ9EejihmZE75YR0GNcj3dc7TSfztQCfRcPZ 4mCtckFnSPXb+RS2UB/qdxk= =7+dP -----END PGP SIGNATURE----- _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
