


Forwarded from: *Hobbit* <hobbit (at) avian.org>



Breathless articles like this just piss me off. It isn't about whose
botnet is bigger or more secretive or what its C2 protocol is. It's
really about the fact that they're permitted to exist at all, let alone
successfully send huge volumes of spam.



If the ISPs would actually grow a pair one of these days and curtail
untrusted customer netblocks full of known-infested machines from
sending ANY direct SMTP traffic to anywhere but the ISP's own authorized
and well-controlled egress relay, there would be no point in spam
botnets. I wrote at length about this over two years ago and suggested
some local [and arguably somewhat lame] mitigation strategies, in



http://www.usenix.org/publications/login/2005-10/openpdfs/hobbit.pdf



but how many people actually read Usenix papers, anyways. The point
here is that the ISPs are a very large percentage AT FAULT for the
continued existence and appeal of botnets. If you work for an ISP, go
ahead, be as angry as you want at me for saying that, but you know how
true it is. Have you ever spent *4 hours* on the phone with reps in the
Philippines for Verizon or Comcast [to pick on the big boys] trying to
find someone who can even spell SMTP, let alone do anything to solve a
problem or track spam? GFL.



How hard is it to add some anti-forgery header rules to the egress
dropoff mailservers that ALREADY exist, special-case a few people who
actually know what they're doing, and then hop on the edge routers and
clamp down on any other TCP 25 noise emerging from subscriber clouds?
HOW HARD IS IT?? Don't give me that lame "common carrier, can't do it"
excuse -- you wouldn't be blocking ingress CIFS and the like either if
that held any water. If you're an ISP and continuing to let botnets
work under your noses, you are an overt threat to the security of many
nations at once. Get busy.



Oh, and you could try answering your abuse@ mailboxes once in a while.



_H*





___________________________________________________

Subscribe to InfoSec News

http://www.infosecnews.org/mailman/listinfo/isn
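
Added example, not part of the original post or of the linked paper: a sketch of the edge policy the message describes (subscriber TCP 25 allowed only to the ISP's egress relay, with a short exemption list), applied to flow records to list the subscriber hosts attempting direct SMTP. The netblock, relay address, exempt host and flow records are all constructed values from documentation address ranges.

```python
import ipaddress
from collections import Counter

# Assumed, constructed policy inputs (RFC 5737 documentation ranges).
SUBSCRIBER_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # subscriber cloud
EGRESS_RELAYS = {ipaddress.ip_address("192.0.2.25")}         # ISP's authorized relay
EXEMPT_HOSTS = {ipaddress.ip_address("198.51.100.10")}       # special-cased customer

def decide(src, dst, dport):
    """Return 'permit' or 'deny' for one outbound TCP flow."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport != 25:
        return "permit"  # this rule only concerns SMTP on TCP 25
    if not any(src_ip in net for net in SUBSCRIBER_NETS):
        return "permit"  # source is not in subscriber space
    if dst_ip in EGRESS_RELAYS or src_ip in EXEMPT_HOSTS:
        return "permit"  # relayed mail, or an explicitly exempted host
    return "deny"        # direct-to-MX SMTP from a subscriber address

def audit(flows):
    """Count denied direct-SMTP flows per subscriber source address."""
    offenders = Counter()
    for src, dst, dport in flows:
        if decide(src, dst, dport) == "deny":
            offenders[src] += 1
    return offenders

# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.25", 25),     # via the relay
    ("198.51.100.7", "203.0.113.5", 25),    # direct SMTP
    ("198.51.100.7", "203.0.113.9", 25),    # direct SMTP
    ("198.51.100.10", "203.0.113.5", 25),   # exempt host
    ("198.51.100.44", "203.0.113.5", 443),  # not SMTP
    ("198.51.100.44", "203.0.113.80", 25),  # direct SMTP
]

if __name__ == "__main__":
    # Hosts with the most denied attempts are the first candidates for cleanup.
    for host, count in audit(SAMPLE_FLOWS).most_common():
        print(f"{host} denied_smtp_flows={count}")
```
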




