To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hello,

When I was working at a VoIP hardware manufacturer, one of the things I noticed was that none of the consumer broadband providers seemed to honor QoS on their networks for SIP.

I am not sure if it is better to reduce the priority of transmitting a customer's packets versus placing them in a walled garden where they can get OS and security patches and every other request is routed to a page stating their connection has been limited due to unusual activity (along with instructions about how to check their operating system for updates, how to contact tech support for assistance, and so forth).

ISPs don't have to call customers, they can use the walled garden approach on HTTP and FTP traffic and send the customer an email notifying them why their account has been suspended. Some ISPs may even look at this as an opportunity to sell a managed security service to their customers.

At least one major ISP is planning on quarantining suspect customers: British Telecom is planning on using a gateway device from StreamShield Networks to block spambots, according to this article:

http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=infrastructure&articleId=9004134&taxonomyId=145

It will be interesting to see how accurate the system is over time.

Regards

Aryeh Goretsky

At 10:00 AM 10/16/2006, you wrote:
>Message: 1
>Date: Mon, 16 Oct 2006 06:45:50 -0500 (CDT)
>From: Gadi Evron <[EMAIL PROTECTED]>
>Subject: [botnets] QoS and bot traffic
>To: [email protected]
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>I am starting a discussion in the relevant groups on this subject, to try
>and come up with some suggestions and TO-DO items we can follow up on, or
>maybe even better - find another solution.
>
>Networks require a means by which they can control their botnet
>population. Yes, "curing" the problem is great, but it won't happen in the
>near future.
>
>Obviously, having ISPs call even one customer to remove infections
>doesn't work (costs significantly more than the subscription fee per
>attempt) and people just get re-infected.
>
>I am looking to utilize proven technology to be able to reduce the cost of
>what a botnet can do.
>
>If botnet traffic is detected, even by not very sophisticated technologies
>such as simply checking for email sent from dynamic ranges or netflow
>data, it should be possible to use routing technology to "mitigate".
>
>QoS can limit the traffic these bots can utilize much like it would P2P
>users in most ISPs today. These users are already of limited traffic due
>to the effects of the bot.
>
>How can this be done using today's technology? Does it require re-design
>of hardware or new systems to be designed? I hope to find out and get a
>proposal ready,
>
> Gadi.
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
