For spammers, scammers, script kiddies, and hackers. Or, rather, for ISP's which host these, with the ban tables managed at a national level. Send some spam? BAM! Your IP address is black-holed by the entire Internet backbone. Problem solved. (Well, except for your ISP, which is going to run out of IP addresses quick, but that's their problem for allowing you to connect to port 25). Issue a port scan against an entire cable modem subnet from a 'botnet? BAM! You're all *dead*. No appeals. No second chances. You're *gone*. And don't whine that you don't know how to secure your Windows machine to keep it from becoming part of a 'botnet. That's *your* problem, and if you needed your Internet connection for work... (shrug). There's always picking spinach in the Salinas Valley in the summer time, y'know, I understand they're short of laborers there as usual.
The reason I say this is because I've found out why my Comcast is running so craptastical right now, and it's got nothing to do with Comcast and everything to do with a botnet currently engaged in port-scanning my entire cable subnet. Unfortunately this ends up saturating the system with ARP requests and things slow to a crawl. I'm sure Comcast is attempting to resolve the situation, but botnets simply are a PITA to defang because you have to identify all the members and black hole them -- and you're doing it as a single ISP, not as a nation-wide effort by multiple ISP's. And because so many of the ISP's with bots on them simply refuse to cooperate by disconnecting bot-infected clients, black holing becomes a game of tag -- the bot changes its MAC address, gets a new IP address, and keeps on crawling.
In short: I've lost my patience with this whole 'bot situation. It's time for grownups to come to the table and start giving the death penalty to ISP's that don't cooperate in exterminating botnets. This is just getting fuggin' *ridiculous*...
-- Badtux the DoS'ed Penguin
Spammers, scammers, script kiddies, hackers, grrble, grrble, grrble, Muppets, grrble, *ridiculous.*
I don't speak most of the language, but I'm pretty sure I agree. They deserve a special kind of hell, like a real one with only low-paid service jobs and bad beer.
*sigh* Badtux, why aren't you married? You're just so geekalicious :)
(I can't help it, dad wore pocket protectors, ok?)
We have to start pulling IP blocks. If an ISP won't cooperate, they lose their IP block. Badly configured and poorly maintained servers are part of the problem.
If you have someone with a couple of brain cells watching your traffic, you can see it developing, and stop it.
There are too many non-tech groups in charge of too many ISPs, and they aren't paying to have them monitored.
Risk is the invisible hand. If they risk losing their IP block, they will have to pay attention or find something else to do.
The problem is getting the 'Net overlords to actually do something about it.