North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: mitigating botnet C&Cs has become useless
On Sat, 5 Aug 2006 17:17:27 -0400 (EDT), Sean Donelan typed:
Railroads have the railroad police. The Post Office has postal inspectors. Do we want to give ISP security the power to arrest people?
And besides doing that, we should educate our subs on how to properly maintain their PC (installing and keeping up-to-date antivirus software, patch the OS on a regular basis, you know the drill).
I don't think hunting down the botnet operator is going to solve the problem. If I were to setup a botnet, I'd have many layers of machines (in as many different countries as possible) and protocols between me and the drones that do my dirty work.
So, yeah, it can be solved (OK, to a large extend) by manpower, but as someone else already mentioned, it's a case of ROI. And, as usual, security is only costing you money.....