Re: Botnet hunting resources (was: Re: DOS in progress ?)

[goemon () anime net]

On Mon, 10 Aug 2009, Luke S Crawford wrote:
> goemon () anime net writes:
> > On Fri, 8 Aug 2009, Luke S Crawford wrote:
> > > 1. are there people who apply pressure to ISPs to get them to shut down
> > > botnets, like maps did for spam?
> > sadly no.
> ...
>
> Why do you think this might be?  Fear of (extralegal) retaliation by
> botnet owners?  or fear of getting sued by listed network owners?   or is
> the idea (shunning packets from ISPs that host botnets)  fundamentally unsound?

such a list would include all of chinanet and france telecom. it would 
likely not last long.

what do you do when rogue networks are state owned?

> If someone sufficiently trustworthy produced a BGP feed of networks that
> were unresponsive to abuse complaints, do you think other networks would use
> it to block traffic?

no.

> I mean, ultimately I think that having several providers of such feeds 
> with differing levels of aggression would be the best case, but someone 
> has got to go first.

consider how much time and effort it took to get intercage shut down and 
you'd realize it's pretty much a lost cause.

-Dan