To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
J. Oquendo wrote:
> John Fraizer wrote:
>
>> Carrier grade routers are designed to route (or switch in the case of
>> MPLS) packets at line-rate. When you start applying ACLs, the
>> performance hit is not trivial - especially when you've got interfaces
>> doing 1-Mpps+ under *normal* load.
>
> Alright, so let me start again... I stated if NAPs and NSPs contacted
> their customers, lowly DS3 guys like me, and stated "Look, here is what you
> need to do to avoid having your network send out garbage...", imagine
> for a second if a fraction of NAPs started implementing these policies
> how much garbage traffic would be curtailed.
>

Fergie, do you wanna tell him about BCP38 and how long it's been around or should I? Never mind. I will:

http://www.faqs.org/rfcs/bcp/bcp38.html

Beyond that it's about *user* education and some...er...*MOST* users are simply unwilling or unable to be educated. How long have people been told not to open attachments from unknown senders? And what is the primary distribution vector for Storm?

>
> And how much would it cost for the following:
>
> Dear Valued Customer,
>
> Beginning December 2007, we will be asking our customers to help make
> our networks more efficient. We ask that you view a set of pre-defined
> guidelines created by industry experts and implement them on your
> routers and switches. Should you need assistance please contact us.
>
> Sincerely,
> Your Provider
> Working to make the Internet Safer.
>

Sadly, one does not have to show proof of proficiency to purchase a computer and/or obtain internet connectivity. You can send all the letters you want to the customer. Until it is *PAINFUL* for them, they are not going to do anything. The level of pain varies on a case by case basis. There is no silver bullet.

Outside of sending out a competent individual to personally visit every customer and apply (by force if necessary) the best current practices, patch their operating systems and applications and watch over their shoulder to prevent them from doing stupid things like opening unknown attachments or blindly clicking every link they find on the net, you are not going to clean up the net. I ask you, how much is THAT going to cost? You know that the USER is not going to pay for it. As far as they're concerned, there isn't a problem and if it ain't broke, they're not gonna fix it!

>> I wasn't the one who went out and started talking smack on IRC and
>> invited Joe Botherder to "take his best shot" at me. It was my
>> misguided customer.
>
> It's that customer I know I wouldn't want on my network. Even if they did
> pay X over bandwidth I just wouldn't want them.
>

OK. Would you want the customer who opened up an attachment in email which infected them, allowing their machine to be used as a proxy for some miscreant to go on IRC and invite Joe Botherder to "take his best shot"??? How about the customer who gets infected by downloading the latest war3z and whose machine starts scanning the closest 4 /8's worth of address space, eventually triggering an inbound DDoS because they tickled some Storm infected hosts in just the right way? Oh, no. We don't want them either. We only want highly vigilant, safe browsing, not miscreant attention attracting customers. Do you know the problem with that business model? There are not enough clued-in customers to go around.

> Is it, I look at this analogy, you go to a car dealer say Nissan,
> purchase your car. Brake problems? I take it back to the dealer. "Oh my,
> did email or call me to say an attacker has the potential to affect the
> GPS and re-route my destination even stop me from getting there. Wow,
> and you even sent me instructions on how to avoid it." Know what, I'd
> appreciate that car dealer. I'd even go tell another Nissan owner, hey
> did you hear the news...

Product defect and user education are not anywhere close to being the same thing. The ISP/NSP is doing *exactly* what the customer is paying for by carrying the packets (good and bad) to/from endpoint to endpoint. It is the customers who are becoming infected, causing their machines to send the bad packets.

Is it the responsibility of the car dealer to prevent you from purchasing the car if you have a history of running into other cars? No it isn't. Is it the responsibility of the car dealer to prevent you from purchasing the car if you have a history of being the victim in automobile collisions? No. It is the responsibility of the car dealer to sell you whatever car you desire to purchase and can provide funding for.

A brake problem with a new car would be analogous to a bad piece of provider issued CPE or a mismatched MTU on a P-t-P circuit. That's not what we're talking about here. We're talking about people who think that setting cruise control is the same as engaging the auto-pilot on a 767. When they set the cruise and recline the driver's seat and take a nap while driving down the 605, they're going to get into a wreck. It's not the fault of the car dealer. It's not the fault of the automobile manufacturer. It's the fault of the idiot who was behind the wheel. The same goes for the idiots who click blindly, open unknown attachments, fail to maintain patch levels, etc. It's *THEIR* fault and not that of their service providers.

> I sincerely enjoy word for word the learning experience here so please
> don't misunderstand my communication at any given time and should you
> tell me to STFU I'd respect that too, but I'm trying to understand why
> it can't be done and sadly I'm still seeing nothing more than an excuse.
> Not from you per se but overall there is STILL no reason why networks
> can't be cleaner.

Networks *can* be cleaner. All I have to do is admin down the customer facing interfaces. Until such time as the customer places their computer under my direct administrative control, I am unable to control what they do.

The malware is getting smarter. I see a LOT of inbound DDoS to UDP 53 from infected machines on the net when my customers get attacked. Probably one out of 5 DDoS's we see employ this attack vector. How do you suppose that the providers of the infected hosts should protect against that? I know. Let's block all outbound UDP 53. Oh, wait... That won't work! It's kind-of important that their customers be able to do DNS queries, isn't it?

Again, there is no silver bullet. It is *NOT* the responsibility of the providers to force safe computing down the throat of their customers.

And last but not least, ISPs and NSPs do NOT Love Botnets. You tell me just how I am making money on an inbound 900Mb/s DDoS that is destined for a customer with a flat-rate 512Kb/s fractional DS1? Even networks like Verizon/UUNet who *don't* pay anyone else for transit connections suffer the burden of DDoS attacks, etc. They have to build out more capacity in their network to be able to carry those attacks without causing service degradation of legitimate traffic. Otherwise, they fail to meet their service level agreements with their customers and they get hit with crediting customers $$$ and/or losing customers.

To put it as nicely as I can, there was absolutely NO MERIT to your assertion that ISPs and NSPs benefit from Botnets, DoS/DDoS, etc. You provided absolutely no empirical evidence supporting your claim. Each point you have attempted to make to support your assertion has been shot down by logic, reason and pure unadulterated fact.

>
> Understandable as well and appreciated on the schooling I'm getting.
>

I applaud you for recognizing that Botnets are a problem. I invite you to crusade against Botnets, DoS/DDoS, SPAM and all other nefarious activity on the internet. You need to choose your words wisely and actually be able to provide supporting documentation of your claims though. Otherwise, you just come across as a blowhard without a clue who is lashing out at the first convenient target, common sense and reason be damned.

~john

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iD8DBQFG9D93+16lRpJszIgRApJDAJ9EyzjZ6p0EbKpBC7RIsgQGJMaFFQCfQCgV
KhyJqBOdOOj/xs+zJW0TVnc=
=c/9l
-----END PGP SIGNATURE-----
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
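The BCP38 ingress filtering John points to is the one provider-side control the thread actually names, so here is a small model of the decision it makes, added as an illustration and not part of John's message or the list archive. A provider knows which prefixes it assigned to each customer-facing interface; any packet arriving on that interface with a source address outside those prefixes cannot be a genuine packet from that customer and is dropped at the edge. The interface names, prefixes and flow records below are constructed for the example. It also makes visible why the filter keys on source address rather than destination port: spoofed UDP/53 traffic is dropped while the customer's own DNS queries still pass, which is the distinction behind John's remark that blocking outbound UDP 53 outright would break DNS.

```python
"""
Model of a BCP38 (RFC 2827) ingress filter on customer-facing interfaces.
Added example; all interface names, prefixes and flows are constructed.
"""
import ipaddress
from collections import Counter

# Hypothetical customer-facing interfaces and the prefixes assigned to them.
# A real router would carry this as a per-interface ACL or strict uRPF.
INTERFACE_PREFIXES = {
    "ge-0/0/1": ["203.0.113.0/24", "2001:db8:1::/48"],   # one DS3-sized customer
    "ge-0/0/2": ["198.51.100.0/26", "198.51.100.128/25"],  # customer with two blocks
}


def build_filter(interface_prefixes):
    """Parse the prefix table once into ip_network objects."""
    return {
        ifname: [ipaddress.ip_network(p) for p in prefixes]
        for ifname, prefixes in interface_prefixes.items()
    }


def bcp38_permit(ingress_filter, ifname, src_ip):
    """True if src_ip is a legitimate source for packets entering via ifname.

    Unknown interfaces fail closed: a packet we cannot attribute to an
    assigned prefix is treated as spoofed.
    """
    nets = ingress_filter.get(ifname)
    if nets is None:
        return False
    addr = ipaddress.ip_address(src_ip)
    # `in` is False across address families, so v4 and v6 prefixes mix safely.
    return any(addr in net for net in nets)


# Constructed flow records: (ingress interface, src, dst, proto, dst_port).
SAMPLE_FLOWS = [
    ("ge-0/0/1", "203.0.113.10",   "192.0.2.53",        "udp", 53),  # customer's own DNS query
    ("ge-0/0/1", "192.0.2.77",     "198.18.0.1",        "udp", 53),  # forged source: dropped
    ("ge-0/0/1", "203.0.113.200",  "198.18.0.1",        "udp", 53),  # real host flooding DNS:
                                                                     #   not spoofed, BCP38 lets it
                                                                     #   through but it is traceable
    ("ge-0/0/1", "2001:db8:1::10", "2001:db8:ffff::53", "udp", 53),  # v6 inside assigned /48
    ("ge-0/0/2", "198.51.100.130", "192.0.2.53",        "udp", 53),  # inside the /25
    ("ge-0/0/2", "198.51.100.70",  "192.0.2.53",        "udp", 53),  # gap between the two blocks
    ("ge-0/0/2", "10.0.0.5",       "192.0.2.80",        "tcp", 80),  # RFC 1918 source leaking out
    ("ge-0/0/9", "203.0.113.10",   "192.0.2.53",        "udp", 53),  # interface with no prefixes
]


def apply_filter(ingress_filter, flows):
    """Split flows into (permitted, dropped) by the BCP38 source check only."""
    permitted, dropped = [], []
    for flow in flows:
        ifname, src = flow[0], flow[1]
        (permitted if bcp38_permit(ingress_filter, ifname, src) else dropped).append(flow)
    return permitted, dropped


def dropped_by_interface(dropped):
    """Per-interface drop counts: the number a provider would alert on."""
    return Counter(flow[0] for flow in dropped)


if __name__ == "__main__":
    flt = build_filter(INTERFACE_PREFIXES)
    ok, bad = apply_filter(flt, SAMPLE_FLOWS)
    print(f"permitted={len(ok)} dropped={len(bad)}")
    for ifname, n in sorted(dropped_by_interface(bad).items()):
        print(f"  {ifname}: {n} spoofed-source packet(s)")
```

Note that the third flow is deliberately permitted: a compromised host sending under its real address is not BCP38's problem to solve, but because the source is genuine the provider can identify which customer to call, which is exactly what spoofing would have prevented.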