North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Are botnets relevant to NANOG?
- From: Fergie
- Date: Fri May 26 18:45:32 2006
Not effective against botnets.
Think of it this way, thousands of compromised hosts (zombies),
distributed to the four corners of the Internet, hundreds (if
not thousands) of AS's -- all recieving their instructions via
IRC from a C&C server somewhere, that probably also may change
due to dynamic DNS, or pump-and-dump domain registrations, or
any other various ways to continually move the C&C.
Simply going after (what may _seem_to_be_) the last-hop router
is like swinging a stick after a piņata that you can't actually
reach when you are blind-folded. :-)
- ferg
-- Peter Dambier <peter@peter-dambier.de> wrote:
Just an afterthought, traceroute and take the final router. I guess for
aDSL home users you will find some 8 or 11 routers in germany. My final
router never changes. Of course there can hide more than one bad guy
behind that router.
[snip]
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
|
