At The Risk Of...
...being repetitious. The white hats should use captured C&C domains to issue "Sleep" commands to bots.
To avoid discomfort, properly lubricate all objects prior to spammer insertion.
At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world's most nefarious cyber operations. The massive drop is the result of actions taken by two Eastern European network providers. On Tuesday, they pulled the …
"That's a pretty interesting development and I think a very positive on..." Landesman told The Register.
WTF?? Positive? Will you still think it's positive when you lose YOUR internet connection because one of the other 10000 customers of your ISP did something someone doesn't like?
I'm all for cutting off the connections of those running C&C channels. I'd even cut off those with zombie machines (when I was with Demon internet, they would cut you off your mail connection for running open mail relays). But cutting off an entire ISP because some of its customers are bad ones and giving two fingers to all their other customers is a bit too much.
No, sorry, but I disagree. The problem of spamming and botnets has been out of control for a while now, the time for diplomacy has passed. The ISP(s) in question ignored requests to keep their house in order, they have failed to do anything about it. In some cases these small ISPs are even run by crooks for crooks.
If a nightclub has a reputation for fights, drugs and generally causing a problem for local residences then their liquor license is pulled and the place is closed down. No-one finds that to be unreasonable, so why is this any different?
They should have been doing this years ago, before spam, phishing and DDOS attacks became a fact of life on the internet.
I would assume, unless told otherwise, that the upstream provider would have attempted to do this at some point. If you are unwilling to respond as an operator to issues of abuse, you should expect to lose your operator rights. This goes for almost any network, of any kind, even social networks. If lots of your friends are crooks, and keep causing trouble, people will not want to be around you.
I understand your point, let's not punish the innocent. Legitimate customers should find a more reputable ISP, one not at risk of this kind of supportive behavior that gets them axed.
> WTF?? Positive? Will you still think it's positive when you lose YOUR internet connection because one of the other 10000 customers of your ISP did something someone doesn't like?
I think you'll find these 'ISPs' customers were almost exclusively criminals, plus a bunch of spinternet houses and other undesirables who could not get hosted elsewhere. This was their whole raison d'être, and I'm sure they charged handsomely for it too.
Don't worry, BT broadband are not going to be cut off in the same way even if a few idjeeots and crims pop up there occasionally too.
In the financial world reputation (i.e. the ability to provide a credit control reference) is in the hands of a few specialist companies. In the bricks and mortar world if you live or landlord in an area with many crooked neighbours you either bear a share of the costs of the bad neighborhood or you move somewhere else. We're likely to see similar economic and social pressures in the Internet world. Reputation providers such as Spamhaus or the Denyhosts data sharing server blacklist addresses responsible for bad traffic and those running SMTP or SSH servers which don't use these blacklists are subject to higher volume attacks than those which do. Eventually if too high a proportion of an ISP's addresses emit bad traffic then other ISPs won't peer, because for them the costs of keeping a peg on their noses can become greater than the benefits of the traffic sharing peering arrangement.
This isn't an issue of fair or not fair, it's to do with economic and social realities which occur in other contexts catching up with the Internet world.
"One quarter of C&C channels vanish"
They'll just release another re-hashed version of the same tired, formulaic crap they've been living off for the past decade and the fanbois will create more channels.
Wait. We are talking about the same thing here right?
When I had responsibility for my corporate network, I used to report all attacks to the ISPs and if, after persistent attacks and reports they took no action, I would send them an email stating that I was holding the ISP commercially responsible for any damage and all cleaning up costs relating to attacks from their networks. That used to kick some into life.
Many used to resolve the problem on their own, but I used to laugh when I got responses from Russia. "You will have no more problems, we have terminated the user." used to conjure up interesting speculation.