North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Are botnets relevant to NANOG?
- From: Fergie
- Date: Fri May 26 18:45:32 2006
Not effective against botnets.
Think of it this way, thousands of compromised hosts (zombies),
distributed to the four corners of the Internet, hundreds (if
not thousands) of AS's -- all recieving their instructions via
IRC from a C&C server somewhere, that probably also may change
due to dynamic DNS, or pump-and-dump domain registrations, or
any other various ways to continually move the C&C.
Simply going after (what may _seem_to_be_) the last-hop router
is like swinging a stick after a piņata that you can't actually
reach when you are blind-folded. :-)
-- Peter Dambier <firstname.lastname@example.org> wrote:
Just an afterthought, traceroute and take the final router. I guess for
aDSL home users you will find some 8 or 11 routers in germany. My final
router never changes. Of course there can hide more than one bad guy
behind that router.
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
email@example.com or firstname.lastname@example.org
ferg's tech blog: http://fergdawg.blogspot.com/