Comments on: Who Ya Gonna Call? **Updated** http://ddos.arbornetworks.com/2007/06/who-ya-gonna-call/ A weblog dedicated to educating the community on security threats that matter Sun, 29 Jan 2012 02:23:23 +0000 hourly 1 http://wordpress.org/?v= By: R. Kerns http://ddos.arbornetworks.com/2007/06/who-ya-gonna-call/comment-page-1/#comment-29500 R. Kerns Mon, 18 Jun 2007 19:07:36 +0000 http://asert.arbornetworks.com/2007/06/who-ya-gonna-call/#comment-29500 When they talk about this endeavor (BTW Operation Bot Roast is a terrible name because its too funny!) I have to wonder what exactly is supposed to happen upon notification that your box is a zombie? Articles are discussing that each Bot-owned box is its own miniature crime scene and can provide evidence to help catch the criminals behind them. But realistically how many people are going to allow their system to be inspected to gather any kind of evidence? Not to float the Arbot boat here but it seems more realistic to run honeynets and monitor/investigate bot activity that way. If you want to start to notify users that their machines are owned then thats all nice and well, but as stated when these users ask, "How the hell do I fix it?" they are not going to be satisfied when the FBI basically says "Well we dont provide support we just do notification..." Seems like a waste of time to me. Instead why not create some govt sponsored security apps that we can provide to the non-technical user community for free? Maybe I'm just being negative but Bot Roast sounds like a waste of time and money to me. (Also what happens when they incorrectly inform ppl that their systems are owned?) When they talk about this endeavor (BTW Operation Bot Roast is a terrible name because its too funny!) I have to wonder what exactly is supposed to happen upon notification that your box is a zombie? Articles are discussing that each Bot-owned box is its own miniature crime scene and can provide evidence to help catch the criminals behind them. But realistically how many people are going to allow their system to be inspected to gather any kind of evidence?

Not to float the Arbot boat here but it seems more realistic to run honeynets and monitor/investigate bot activity that way. If you want to start to notify users that their machines are owned then thats all nice and well, but as stated when these users ask, “How the hell do I fix it?” they are not going to be satisfied when the FBI basically says “Well we dont provide support we just do notification…” Seems like a waste of time to me. Instead why not create some govt sponsored security apps that we can provide to the non-technical user community for free?

Maybe I’m just being negative but Bot Roast sounds like a waste of time and money to me. (Also what happens when they incorrectly inform ppl that their systems are owned?)

]]> By: chris http://ddos.arbornetworks.com/2007/06/who-ya-gonna-call/comment-page-1/#comment-28584 chris Thu, 14 Jun 2007 22:45:03 +0000 http://asert.arbornetworks.com/2007/06/who-ya-gonna-call/#comment-28584 Social Engineering DDoS on ISP Helpdesks Launched by FBI!, news @ 11 ;) Social Engineering DDoS on ISP Helpdesks Launched by FBI!, news @ 11 ;)

]]> By: Paul http://ddos.arbornetworks.com/2007/06/who-ya-gonna-call/comment-page-1/#comment-28529 Paul Thu, 14 Jun 2007 18:45:25 +0000 http://asert.arbornetworks.com/2007/06/who-ya-gonna-call/#comment-28529 Danny- I notice you didn't include your phone number :-) -paul Danny-
I notice you didn’t include your phone number :-)
-paul

]]> By: Beware of BotNet Attack » SELaplana http://ddos.arbornetworks.com/2007/06/who-ya-gonna-call/comment-page-1/#comment-28459 Beware of BotNet Attack » SELaplana Thu, 14 Jun 2007 11:14:28 +0000 http://asert.arbornetworks.com/2007/06/who-ya-gonna-call/#comment-28459 [...] SecurityFocus and Digital Daily Save to del.icio.us • Stumble It! • Submit To Netscape • Digg This! Enter your email address toSubscribe: [...] [...] SecurityFocus and Digital Daily Save to del.icio.us • Stumble It! • Submit To Netscape • Digg This! Enter your email address toSubscribe: [...]

]]>