At the Telecommunications Policy and Research Conference in Arlington, VA in September, I gave a paper about Rustock Botnet and ASNs. Most of the paper is about effects of a specific takedown (March 2011) and a specific slowdown (December 2010) on specific botnets (Rustock, Lethic, Maazben, etc.) and specific ASNs (Korea Telecom’s AS 4766, India’s National Internet Backbone’s AS 9829, and many others).
The detailed drilldowns also motivate a higher level policy discussion.
There is extensive theoretical literature that indicates how to proceed, but consider this:Knock one down, two more pop up: Whack-a-mole is fun, but not a solution. Need many more takedowns, oor many more organizations playing. How do we get orgs to do that? …
Most orgs keep security problems secretReputation such as SpamRankings.net is pioneering is the key to transparency, which is the key to white hat cooperation. More in another post.because they think it will harm their reputation. Ahah! Publish reputation and they’ll care.
-jsq