Wednesday, 07 March 2007 10:51
Battling Bots, Doing No Harm

MARCH 5, 2007 | ISPs, researchers, and law enforcement officials are finding themselves in a quandary in the botnet war -- whether to infiltrate and monitor a botnet's command and control, or to shut it down altogether. Both approaches can help trip up a botnet, for sure, but they also run the risk of derailing an investigation.

Most ISPs today just toss lots of bandwidth, managed services, and other tools at botnet traffic on their networks. Their first choice traditionally has been to remain mostly hands-off, due to their lack of resources for investigating botnets, as well as the sticky legal ground such work entails.

But some are starting to get a little more proactive, by diverting a botnet's C&C traffic to a point where they can study more closely what the hosts are connecting to, along with other behaviors of the botnet. Or they discard packets to disrupt the botnet's communications pipe.

That can put ISPs into legal hot water. "It involves mucking with a customer or peer's Internet address space," says Danny McPherson, Arbor Networks' chief research officer, who works closely with ISPs and researchers on sharing ways to work together in the botnet war. "It could also mean simply identifying and connecting to a known C&C on your own, or someone else's, network. Obviously, liability in this area could be considerable."

