[AusNOG] NBN must avoid becoming 'failed state'
Dobbins, Roland
rdobbins at arbor.net
Wed Sep 22 10:31:04 EST 2010
On Sep 22, 2010, at 5:18 AM, Vitaly Osipov wrote:
> On the other hand, it only takes maybe a week of coding and testing to turn any existing
> botnet into a headless P2P network completely blending in with Bittorrent,
> or start controlling them via Twitter, Facebook etc.
We've been seeing this sort of thing for years (I first encountered a botnet using P2P for C&C in 2003). One of my colleagues discovered a botnet using Twitter for C&C last year:
<http://asert.arbornetworks.com/2009/08/twitter-based-botnet-command-channel/>
The point is that if nothing else, when the bot starts doing Bad Things, you can at least see that it's doing them, and quarantine it - if the network elements have the capability to do so, and if the operator has the ability to leverage said capability.
It's quite easy to justify inaction - after all, that's how we ended up in the seemingly perpetual state of Internet security emergency we're in today. Surely we can do better than this?
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Sell your computer and buy a guitar.
More information about the AusNOG
mailing list