nanog mailing list archives
Re: botted hosts
From: Sean Donelan <sean () donelan com>
Date: Mon, 4 Apr 2005 04:59:42 -0400 (EDT)
On Mon, 4 Apr 2005, Suresh Ramasubramanian wrote:
That said, Joe St.Sauver put it fairly well in his presentation at maawg san diego, when he said it is cough sirup for lung cancer, and what you need along with the cough sirup of port 25 filtering, is some stronger measures to locate and take down botted hosts, which of course can be used for nastier things (DDoS botnets for example) as well, things that do just fine without port 25.
Yep. I've saying that for several years, and then immediately get shouted down. A secure computer doesn't spam, spy, ddos, attack, zombie, bot or any of the other awful things. A compromised computer can do all that and more. Locating bots is relatively easy. If you think that is the hard part, you don't understand the problem. Unfortunately, researchers haven't come up with a better way to fix compromised machines without destroying the innocent victims' work. Several grad students have told me they consider coming up with better ways to recover a compromised computer too hard of a problem for their thesis. Many people prefer to keep using a compromised computer rather than attempt to fix it. And as anyone with a relative and a computer knows, if you ever help someone with a compromised computer, everything that ever goes wrong with the computer in the future becomes your fault. So how do you encourage people to fix their computers, without the press writing lots of stories about "evil" ISPs cut off service to grandmother's on social security looking at pictures of their grandchildren. There are at least 20 million and probably more compromised computers on the Internet. Who has a plan to fix them?
Current thread:
- Re: botted hosts Randy Bush (Apr 03)
- <Possible follow-ups>
- Re: botted hosts Sean Donelan (Apr 03)
- Re: botted hosts Suresh Ramasubramanian (Apr 03)
- Re: botted hosts Sean Donelan (Apr 04)
- Re: botted hosts Alex Bligh (Apr 04)
- Message not available
- Re: botted hosts Sean Donelan (Apr 04)
- Re: botted hosts Simon Waters (Apr 05)
- Re: botted hosts Suresh Ramasubramanian (Apr 03)
- Re: botted hosts Suresh Ramasubramanian (Apr 04)
- Re: botted hosts Florian Weimer (Apr 04)
- Re: botted hosts Suresh Ramasubramanian (Apr 04)
- Re: botted hosts Petri Helenius (Apr 05)
- Re: botted hosts Petri Helenius (Apr 04)
- Re: botted hosts Valdis . Kletnieks (Apr 04)
- Re: botted hosts Peter Corlett (Apr 04)