Peter Schooff
Peter Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.


January 19, 2007
The Big Botnet Question

Where are the ISPs in the battle against botnets?

Botnets have threatened the very viability of email, so why haven’t ISPs joined in the battle to put them out of business? Experts say that ISPs just don’t have the resources in place yet to do battle, and it probably doesn’t make financial sense for them either. Yet!

“I don't think the botnet problem is large enough in the U.S. to catch ISPs' attention here yet,” says David Maynor, CTO of Errata Security. “It will have to start costing them a lot of money first.”

That’s not to say that no ISPs have joined the battle. Earthlink works with a “feedback loop system” where users can click a “this is spam” button, which helps Earthlink update its filters. Earthlink is an active member of the Messaging Anti-Abuse Working Group (MAAWG), which also includes Microsoft, Verizon, Cox Communications, Comcast, and Bellsouth. Recently MAAWG added behavioral monitoring to help detect zero-day attacks.

Then again, some people are plenty glad ISPs have stayed out of the fight. For ISPs to be actively involved, they must have remote access to your desktop.

“I don't want an ISP to have root on my box,” says Dan Kaminsky, director of penetration testing for IOActive. “Why should an ISP be in the position to monitor what software I'm running? Should they even know? But on the flip side, we are not winning the bot war, we’re losing it substantially, which may require a rethinking of networking in general and how we deal with botnets,” he says. “Even if you gave Comcast or another ISP root on millions of machines so they could see if botnets are on them... Botnet authors could just hide from them.”

ISPs should definitely be actively quashing botnet command-and-control nodes that run on their networks, though, he says. This was taken from a list at Dark Reading.

Tags: botnet, ISP Botnet

