QoS and bot traffic
i am starting a discussion in the relevant groups on this subject, to try and come up with some suggestions and to-do items we can follow up on, or maybe even better – find another solution.
networks require a means by which they can control their botnet population. yes, “curing” the problem is great, but it won’t happen in the near future.
obviously, having isp’s call even one customer to remove infections doesn’t work (costs significantly more than the subscription fee per attempt) and people just get re-infected.
i am looking to utilize proven technology to be able to reduce the cost of what a botnet can do.
if botnet traffic is detected, even by not very sophisticated technologies such as simply checking for email sent from dynamic ranges or netflow data, it should be possible to use routing technology to “mitigate”.
qos can limit the traffic these bots can utilize much like it would p2p users in most isp’s today. these users are already of limited traffic due to the effects of the bot.
how can this be done using today’s technology? does it require re-design of hardware or new systems to be designed? i hope to find out and get a proposal ready,