Bots don't honor 301 :(

VirginSnow at vfemail.net VirginSnow at vfemail.net
Mon Jan 12 15:02:52 EST 2009


> Date: Mon, 12 Jan 2009 10:35:05 -0500
> From: "Ben Scott" <dragonhawk at gmail.com>

> On Mon, Jan 12, 2009 at 9:19 AM, Larry Cook <lcook at sybase.com> wrote:
> > They would just come back or go bother someone else.
> 
> #ifdef CURMUDGEON
> 
>   They'll do that anyway.
> 
>   This is not a effective deterrent.

How so?  If you're keeping a bot tied up talking to you, you're
keeping the bot from probing other systems. (If you're tying up the
bot, you're obviously not vulnerable yourself.)  Some of these other
systems might indeed be vulnerable to the exploit.  To me, it seems
like keeping bots off of vulnerable hosts *would* be providing a
community service.

Granted, if the botmaster is using a multithreaded bot implementation
with CPU/bandwidth quotas, this won't help anyone.  But I really doubt
these bots are that sophisticated.  In fact, having been teasing them
over the past couple of days, I'm learning just how unsophisticated
they really are.

> It's the security equivalent of masturbation.  It may make you feel
> good, but that's all it's doing.

Please don't use the word "masturbation" to describe something you
think is worthless.  Given the demographics of this list, it's more
than likely that at least one person here finds masturbation
enjoyable, and could take offense to your reference to masturbation as
an empty and unfulfilling experience.

>   If you really want to do something effective, lookup the owner of
> the IP block and contact their abuse desk, and/or report the source IP
> address to one of the various network abuse reporting systems.

Where can one find/contact these "network abuse reporting systems"?


More information about the gnhlug-discuss mailing list