[AusNOG] NBN must avoid becoming 'failed state'

Vitaly Osipov vitaly.osipov at gmail.com
Tue Sep 21 17:28:03 EST 2010


IMHO if you ask a non-techie person whether they seriously care about
their computer becoming a part of the botnet, they are not too
concerned if their data does not get stolen. Your measures do not
quite prevent a computer from becoming part of a botnet, although they
may help decrease the chance somewhat by filtering TCP traffic from
*known* CCs. And they will help with tracking things as well.

Then again, this setup will lead to another round of "flux" - e.g. CCs
will start sending cryptosigned commands from spoofed IPs (overseas,
outside your antispoofing control) over UDP telling the zombies to
submit their info to a temporary IP or a set of IPs etc. Or bounce the
data between zombies several times before finally sending it out. And
so on. The data will still be stolen, because you will never be able
to disconnect the new bots quickly enough. So, the only issue you can
solve in reality is DDoS.

Regards,
Vitaly




On Tue, Sep 21, 2010 at 4:11 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
>
> On Sep 21, 2010, at 12:59 PM, Vitaly Osipov wrote:
>
>> I have not seen the presentation, but judging from the slides it was
>> primarily concerned with DDoS prevention.
>
> Actually, it was primarily concerned with dealing with bots, period.
>
>>
>> Although, to be fair, the slides briefly recommend embedding total L2+ surveillance into NBN, but I wonder how this recommendation will fly... (slides 25 and especially 6 :) ).
>
> Not surveillance, visibility for situational awareness.
>
>> Besides, no instrumentation of local networks will help against foreign attackers.
>
> Actually, it does - it allows one to see inbound/outbound/crossbound attack traffic, botnet command-and-control, et al.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
>               Sell your computer and buy a guitar.
>


