Q:  I’ve heard that the police generally don’t help with computer crimes. Should I bother calling? A

427_Botnet_11.qxd 1/9/07 9:56 AM Page 416

Responding 
to Botnets
Solutions in this chapter:
■
Giving Up Is Not an Option
■
Why Do We Have This Problem?
■
What Is to Be Done?
■
A Call to Arms
Chapter 12
417
Summary
Solutions Fast Track
Frequently Asked Questions
427_Botnet_12.qxd 1/9/07 3:08 PM Page 417

Introduction
In this chapter, we talk about how we got ourselves into this mess, and brain-
storm a bit about how we might get out. We first discuss the problem and talk a
bit about how it is fueled by money and identity theft. We also talk about why
it is a hard problem.Then, we present various ways we might respond to the
challenge of botnets, including basic sane security practices for hosts and net-
works, and measures aimed at reaching out to more aggressively grapple with
the beast. One thing for sure, the problem is real and it is fueled by money. We
also are going to brainstorm a bit in this chapter. Not of all our solutions or
suggestions will be doable by everyone, especially those with limited resources
and time.To quote from the State of Kansas:“ad astra per aspera” (to the stars
through difficulties). We hope to provide food for thought.
The $64,000 question with botnets is what to do with them when you
find them. Blocking the inbound and outbound traffic related to the botnet
and eliminating clients you find in your environment is a natural first inclina-
tion, and in many organizations, this may appear to be your only option.
Your organization’s response to botnets should begin long before you dis-
cover a botclient or botserver on your network. Many actions can be taken that
are preventative, proactive, and should be considered. We will examine the issues
and concerns in many areas to search for potential opportunities for improve-
ment to discover as many tools and weapons against botnets as possible.

Download 6,98 Mb.

Do'stlaringiz bilan baham: