To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
Hash: SHA1

J. Oquendo wrote:
> John Fraizer wrote:
>> Carrier grade routers are designed to route (or switch in the case of
>> MPLS) packets at line-rate.  When you start applying ACLs, the
>> performance hit is not trivial - especially when you've got interfaces
>> doing 1-Mpps+ under *normal* load.
> Alright, so let me start again... I stated if NAP's and NSP's contacted
> their customers lowly DS3 guys like me and stated "Look here is what you
> need to do to avoid having your network send out garbage...", imagine
> for a second if a fraction of NAP's started implementing these policies
> how much garbage traffic would be curtailed.

Fergie, do you wanna tell him about BCP38 and how long it's been around
or should I?

Nevermind.  I will:

Beyond that it's about *user* education and*MOST* users are
simply unwilling or unable to be educated.  How long have people been
told not to open attachments from unknown senders?  And what is the
primary distribution vector for Storm?

> And how much would it cost for the following:
> Dear Valued Customer,
> Beginning December 2007, we will be asking out customers to help make
> our networks more efficient. We ask that you view a set of pre-defined
> guidelines created by industry experts and implement them on your
> routers and switches. Should you need a assistance please contact us.
> Sincerely,
> Your Provider
> Working to make the Internet Safer.

Sadly, one does not have to show proof or proficiency to purchase a
computer and/or obtain internet connectivity.  You can send all the
letters you want to the customer.  Until it is *PAINFUL* for them, they
are not going to do anything.  The level of pain varies on a case by
case basis.  There is no silver bullet.  Outside of sending out a
competent individual to personally visit every customer and apply (by
force if necessary) the best current practices, patch their operating
systems and applications and watch over their shoulder to prevent them
from doing stupid things like opening unknown attachments or blindly
clicking every link they find on the net, you are not going to clean up
the net.  I ask you, how much is THAT going to cost?  You know that the
USER is not going to pay for it.  As far as they're concerned, there
isn't a problem and if it ain't broke, they're not gonna fix it!

>> I wasn't the one who went out and started talking smack on IRC and
>> invited Joe Botherder to "take his best shot" at me.  It was my
>> misguided customer.
> Its that customer I know I wouldn't want on my network. Even if they did
> pay X over bandwidth I just wouldn't want them.

OK.  Would you want the customer who opened up an attachment in email
which infected them allowing their machine to be used as a proxy for
some miscreant to go on IRC and invite Joe Botherder to "take his best
shot"???  How about the customer who gets infected by downloading the
latest war3z and gets infected and their machine starts scanning the
closest 4 /8's worth of address space, eventually triggering an inbound
DDoS because they tickled some Storm infected hosts in just the right
way?  Oh, no.  We don't want them either.  We only want highly vigilant,
safe browsing, not miscreant attention attracting customers.  Do you
know the problem with that business model?  There are not enough
clued-in customers to go around.

> Is it, I look at this analogy, you go to a car dealer say Nissan,
> purchase your car. Brake problems? I take it back to the dealer. "Oh my,
> did email or call me to say an attacker has the potential to affect the
> GPS and re-route my destination even stop me from getting there. Wow,
> and you even sent me instructions on how to avoid it." Know what, I'd
> appreciate that car dealer. I'd even go tell another Nissan owner, hey
> did you hear the news...

Product defect and user education are not anywhere close to being the
same thing.  The ISP/NSP is doing *exactly* what the customer is paying
for by carrying the packets (good and bad) to/from endpoint to endpoint.
 It is the customers who are becoming infected causing their machines to
send the bad packets.

Is it the responsibility of the car dealer to prevent you from
purchasing the car if you have a history of running into other cars?  No
it isn't.  Is it the responsibility of the car dealer to prevent you
from purchasing the car if you have a history of being the victim in
automobile collisions?  No.  It is the responsibility of the car dealer
to sell you whatever car you desire to purchase and can provide funding for.

A brake problem with a new car would be analogous to a bad piece of
provider issued CPE or a mismatched MTU on a P-t-P circuit.  That's not
what we're talking about here.  We're talking about people who think
that setting cruise control is the same as engaging the auto-pilot on a
767.  When they set the cruise and recline the drivers seat and take a
nap while driving down the 605, they're going to get into a wreck.  It's
not the fault of the car dealer.  It's not the fault of the automobile
manufacturer.  It's the fault of the idiot who was behind the wheel.

The same goes for the idiots who click blindly, open unknown
attachments, fail to maintain patch levels, etc.  It's *THEIR* fault and
not that of their service providers.

> I sincerely enjoy word for word the learning experience here so please
> don't misunderstand my communication at any given time and should you
> tell me to STFU I'd respect that too, but I'm trying to understand why
> it can't be done and sadly I'm still seeing nothing more then an excuse.
> Not from you per-se but overall there is STILL no reason why networks
> can't be cleaner.

Networks *can* be cleaner.  All I have to do is admin down the customer
facing interfaces.  Until such time as the customer places their
computer under my direct administrative control, I am unable to control
what they do.  The malware is getting smarter.  I see a LOT of inbound
DDoS to UDP 53 from infected machines on the net when my customers get
attacked.  Probably one out of 5 DDoS's we see employ this attack
vector.  How do you suppose that the providers of the infected hosts
should protect against that?  I know.  Let's block all outbound UDP 53.
 Oh, wait... That won't work!  It's kind-of important that their
customers be able to do DNS queries, isn't it?

Again, there is no silver bullet.  It is *NOT* the responsibility of the
providers to force safe computing down the throat of their customers.
And last but not least, ISPs and NSPs do NOT Love Botnets.  You tell me
just how I am making money on an inbound 900Mb/s DDoS that is destined
for a customer with a flat-rate 512Kb/s fractional DS1?  Even networks
like Verizon/UUNet who *don't* pay anyone else for transit connections
suffer the burden of DDoS attacks, etc.  They have to build out more
capacity in their network to be able to carry those attacks without
causing service degradation of legitimate traffic.  Otherwise, they fail
to meet their service level agreements with their customers and they get
hit with crediting customers $$$ and or losing customers.

To put it as nicely as I can, there was absolutely NO MERIT to your
assertion that ISPs and NSPs benefit from Botnets, DoS/DDoS, etc.  You
provided absolutely no imperical evidence supporting your claim.  Each
point you have attempted to make to support your assertion has been shot
down by logic, reason and pure unadulterated fact.

> Understandable as well and appreciated on the schooling I'm getting.

I applaud you for recognizing that Botnets are a problem.  I invite you
to crusade against Botnets, DoS/DDoS, SPAM and all other nefarious
activity on the internet.  You need to choose your words wisely and
actually be able to provide supporting documentation of your claims
though.  Otherwise, you just come across as a blowhard without a clue
who is lashing out at the first convenient target, common sense and
reason be damned.

Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mandriva -

To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement 
upon request.

Reply via email to