[wplug] Be afraid ... interesting research on botnets

Patrick Wagstrom pwagstro at andrew.cmu.edu
Tue Mar 15 14:59:17 EST 2005


On Tue, 2005-03-15 at 14:47 -0500, Greg Simkins wrote:
> When is somebody (I guess some Govt agency) going to actually DO something 
> about these attacks?  It seems like these huge zombie networks could be 
> broken up with a bit of concerted effort.

It's really doubtful that the government would step in to do anything.
They tend to take a serious disaster before they start action on an
issue, and this is a complex issue that most legislators don't
understand, so they'll spend their time on things that are really
pressing like deciding whether Saving Private Ryan is obscene or what to
do about steroids in baseball.

It's likely that if anything happens it's going to be the providers that
do some work on it, at least here in the US.  I could see a company that
is being attacked by these networks deciding to sue Comcast because they
knowingly allow infected zombie machines to stay on their network.  It's
not quite aiding and abetting, but it's getting to be pretty close.

It's also not easy to break these things up.  They don't operate over
standard ports and can be upgraded and changed pretty fast (faster than
the good guys can fight back).  This means that standard techniques such
as port blocking or L7 packet classification will remain difficult.
Not to mention that port blocking is generally bad anyway.

The real issue is that vendors need to take some responsibility for their
products.  If I release a product that can cause harm, shouldn't I be
liable for it?  If I were to sell radio controlled cars that could be
easily taken over on a global scale to force them to go screw with
physical traffic (cars) I would probably be liable for selling the
product.   Unfortunately, those wonderful EULAs that everyone agrees to
somehow make software companies immune to these issues.  Oh yeah, and
Linux has the same disclaimers, read the GPL.

Sigh.

--Patrick



