[AusNOG] NBN must avoid becoming 'failed state'

Roland Chan roland at chan.id.au
Tue Sep 21 19:25:02 EST 2010


I think we'll just have to disagree on both points. People do care if
their PCs get owned and Conficker's ability to operate can be
significantly reduced by measures taken in the network. To the extent
that malicious software can be reverse engineered, we can continue to
disrupt the botnets if we're willing.

Either you're right and no one cares, or I am and your customers will
suffer more than mine.


On Tue, Sep 21, 2010 at 5:28 PM, Vitaly Osipov <vitaly.osipov at gmail.com> wrote:
> IMHO if you ask a non-techie person whether they seriously care about
> their computer becoming a part of the botnet, they are not too
> concerned if their data does not get stolen. Your measures do not
> quite prevent a computer from becoming part of a botnet, although they
> may help decrease the chance somewhat by filtering TCP traffic from
> *known* CCs. And they will help with tracking things as well.
>
> Then again, this setup will lead to another round of "flux" - e.g. CCs
> will start sending cryptosigned commands from spoofed IPs (overseas,
> outside your antispoofing control) over UDP telling the zombies to
> submit their info to a temporary IP or a set of IPs etc. Or bounce the
> data between zombies several times before finally sending it out. And
> so on. The data will still be stolen, because you will never be able
> to disconnect the new bots quickly enough. So, the only issue you can
> solve in reality is DDoS.
>
> Regards,
> Vitaly
>
>
>
>
> On Tue, Sep 21, 2010 at 4:11 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
>>
>> On Sep 21, 2010, at 12:59 PM, Vitaly Osipov wrote:
>>
>>> I have not seen the presentation, but judging from the slides it was
>>> primarily concerned with DDoS prevention.
>>
>> Actually, it was primarily concerned with dealing with bots, period.
>>
>>>
>>> Although, to be fair, the slides briefly recommend embedding total L2+ surveillance into NBN, but I wonder how this recommendation will fly... (slides 25 and especially 6 :) ).
>>
>> Not surveillance, visibility for situational awareness.
>>
>>> Besides, no instrumentation of local networks will help against foreign attackers.
>>
>> Actually, it does - it allows one to see inbound/outbound/crossbound attack traffic, botnet command-and-control, et al.
>>
>> -----------------------------------------------------------------------
>> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>>
>>               Sell your computer and buy a guitar.
>>
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>


