North American Network Operators Group
Re: mitigating botnet C&Cs has become useless
On Wed, Aug 02, 2006 at 08:25:40AM +0200, Peter Dambier wrote:
...
> Let me try to become Gadi. First of all block port 80 (http) :)
> Next block port 53 udp (dns).
>
> Now you have got rid of amplification attacks because spoofing does
> no longer work and you have got rid of all those silly users that
> only know how to click the mouse.
...

I think it was the 1970s when I started telling people that the only truly secure computer was the one that was unplugged and buried under two miles of fused stone. Of course, this conflicts with usability. And, these days, with the all-worshipped network access.

This level of security is, of course, not the solution. I trust that Peter D. was being sarcastic.

On Wed, Aug 02, 2006 at 06:29:55AM +0000, Paul Vixie wrote:
> surfer@xxxxxxxxxxxxxxx ("Scott Weeks") writes:
> > ... I'm just saying that there has to be a better way than police-type
> > actions on a global scale. ...
>
> no, there doesn't have to be such a way. where the stakes are in meatspace
> (pun unintended), the remediation has to be in meatspace. cyberspace is
> just a meatspace overlay, it can only pretend to have different laws when
> nothing outside of cyberspace is at stake. i think that the days when
> botnets were mostly used for kiddie-on-kiddie violence or even gangster-on-
> gangster violence are permanently behind us. it's up to the real LEOs now,
> because it's on their turf now, which is to say, it's in the real world now.
>
> as was true of spam when i said this about spam ten years ago, it is true
> now of botnets that the only technical solution is "gated communities". but
> the internet's culture, which merely mirrors the biases of those who use it,
> requires the ability for children to go door to door selling girl scout
> cookies, without necessarily having the key code to every one of the doors.
>
> so the internet community has no appetite for the trappings of any technical
> solution to botnets. the meatspace community and their LEOs absolutely *do*.

I think it was Scott Weeks who pointed out that gated communities are for the rich, and only push the E-VIL out to the rest of the community, who then have to board up their windows and cower.

How do we make our world less fearsome?

As Barry Shein and others mentioned, we have to make this kind of action in general something which people are afraid to do because of its consequences.

We also want to make it something which people are reluctant to do, not only because it's unprofitable, but because it's WRONG.

I may sound like a fogy when I say this [OK, maybe I am one, but so are most of you that grew up along with me!], but it seems that in general many folks are worrying less about what is RIGHT and WRONG, but about what they can get away with, and what society feels permissive about.

That's a general problem. It can be fixed only by educating folks from the time they're born (a) to CARE about "right" and "wrong", and (b) to understand that messing with another's packets is as wrong as messing with his bank account.

To make it less profitable, we have to make it harder. That means making sure that protection on networks is as good as possible. I am less adept at elaborating on that than many who have already done so.

To make sure that there are consequences, we need to work with local Law Enforcement Organizations [for those who didn't know what LEOs were] to get these folks punished somehow. If that means that we have to educate the LEOs and legislatures, then that's what it takes. Do we need special Internet police? I would hope not. But perhaps we need an educated CyberCrime division of existing LEOs. This will not happen tomorrow, and not at all if we don't both push and help.

And why is it up to us to do these things? Because it's our job. And in some cases our vocation. It may cost us more, or we may volunteer more time to do some of these things. But if the ones who know what they are doing don't do this, then it will cost us all even more.

--
Joe Yao
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.