[AusNOG] (bad) cyber security and ideas coming out of thewoodwork?!

[Dobbins, Roland]

On Jun 24, 2010, at 3:02 PM, Tom Wright wrote:

> These are just regular users with a reasonably small outbound bandwidth.

This was the prevalent thinking amongst SPs in North America and Europe ca. 2000 or thereabouts - since that time, events have demonstrated that it's far costlier for them to do nothing, rather than proactively going after compromised hosts which are making a nuisance of themselves:

<http://files.me.com/roland.dobbins/y4ykq0>

<http://files.me.com/roland.dobbins/k54qkv>

<http://files.me.com/roland.dobbins/9i8xwl> <--- be advised that there's some vendor propaganda in this one, but it contains a slide which talks about how compromised hosts in an IDC make said IDC a far likelier target for DDoS itself, as well as BCP information.  I see this all the time, FWIW.

Just about all the major SPs in North America and Europe now participate in the global opsec community, and have folks actively working to get undesirable traffic/compromised hosts off their networks.  And increasing numbers in APAC and Oceania are starting down this path, as well - mostly after having learnt their lessons the hard way, rather than from the experiences of others.  The big China DNS DDoS meltdown in May of last year shoved this issue front-and-centre there, for example.

If you don't take matters into your own hands and work to ensure that you've visibility into and control over your network, government are going to do it for you - or, more likely, are going to force you to do it their way, whether you like it or not, and irrespective of capex and opex.  

The 'attractive nuisance' of compromised hosts on their networks is something that SPs ignore at their peril.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken