On Tue, 21 Dec 2004, Hannigan, Martin wrote:
> The ISPs cooperate. Going after the zombies is, for the
> most part, an ineffective approach to the situation.
I'm not talking about a reactive approach - I'm talking about prevention of
this in the first place. All that is necessary is that ISPs agree to share
in a standard way a list of hosts they believe to be responsible enough to
freely participate in SMTP transactions on their own. This cuts down the list
of possible zombie targets to very few machines run by users who are
already likely to have security mechanisms that prevent their systems from
being taken over.
> Search and destroy of the controllers is more effective i.e.
> 1 controller = 100K downed bots. (example)
> There's a ton of work going on behind the scenes.
It is certainly good that this is going on; I've been involved in a couple
of these "search and destroy" missions myself. But this is all work after
the fact when we should be trying to research ways to prevent the occurrence
of the problem in the first place. In other words, would you prefer to
face the possibility of being sick with smallpox rather than the world
having chosen to immunize everyone against it some time ago, which
effectively got rid of the problem?
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net