Man Gets 3 Years for Botnet Attack
Vobbo writes "Weeks after NANOG subscribers argued whether or not mitigating botnet command and control systems was a worthwhile endeavor, the LA Times reports that the old-fashioned method of arresting and prosecuting criminals still works. Prosecutors successfully prosecuted a 21-year-old who had conspired to create botnets that attacked the Department of Defense, a California school district, and a Seattle hospital before being arrested. He pleaded guilty and was sentenced to 3 years of 'supervised release.'"
Re:More sensationalism (Score:4, Informative)
"Editors", feel free to cut and paste.
FTA: "A man was sentenced to three years in prison Friday for launching a computer attack that hit tens of thousands of computers, including some belonging to the Department of Defense, a Seattle hospital and a California school district.
Christopher Maxwell, 21, of Vacaville, Calif., was also sentenced to three years of supervised release."
I would say the 3 years in prison is more significant than the probation afterwards. Perhaps you should be informed before you start criticizing.
Re:Remind me again, why do we need all these new l (Score:5, Informative)
If you disable raw sockets, the backdoors will just start re-enabling them, sending raw Ethernet frames instead of raw TCP, or even installing a replacement TCP stack which supports raw sockets properly.
Re:Remind me again, why do we need all these new l (Score:3, Informative)
A raw socket is basically an IP socket where you get to form the IP header and payload however you want. You can then send things like ICMP packets with the incorrect src address. Or you can issue TCP connect requests with the wrong address, etc...
Running httpd on port 81 is still a TCP/IP socket. You'd be sending out a valid src address and the like.
Tom
Re:Remind me again, why do we need all these new l (Score:3, Informative)
E.g. your address is 70.3.44.8, if your IP packets don't have that in the src address then null-route the sucker. Boom, no more anonymous DDoS as the zombies will be trackable and then can be held accountable.
Tom
Re:Remind me again, why do we need all these new l (Score:3, Informative)
If you want to get more fancy you could make sure the IP associates with the MAC address. But generally if you can track a DDoS participant to an ISP gateway you can narrow it down from there if it's still active [or if you keep stats].
Tom
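The source-address check described in the two comments above, sketched as an added example that is not part of the original thread: an access-side filter that drops packets whose source IP is outside the prefixes assigned to the port, optionally also checks the IP-to-MAC binding, and keeps per-port drop counts. The port names, the MAC addresses and every address other than 70.3.44.8 are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed provisioning table: access port -> (assigned prefixes, bound MAC).
# Port names, MACs and the documentation-range prefixes are assumptions.
BINDINGS = {
    "port1": ([ipaddress.ip_network("70.3.44.8/32")], "00:11:22:33:44:55"),
    "port2": ([ipaddress.ip_network("198.51.100.0/29"),
               ipaddress.ip_network("2001:db8:10::/64")], "00:aa:bb:cc:dd:ee"),
}

def check_packet(port, src_mac, src_ip):
    """Return (verdict, reason) for one packet seen on a customer-facing port."""
    binding = BINDINGS.get(port)
    if binding is None:
        return "drop", "unknown-port"
    prefixes, mac = binding
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return "drop", "malformed-source"
    # Source address validation: source must sit inside a prefix assigned to this port.
    if not any(addr.version == p.version and addr in p for p in prefixes):
        return "drop", "spoofed-source"
    # Stricter optional check: the frame's MAC must match the one bound to the port.
    if src_mac.lower() != mac:
        return "drop", "mac-mismatch"
    return "forward", "ok"

def summarize(packets):
    """Count drops per (port, reason) so offenders can be traced to a port."""
    drops = Counter()
    for port, mac, ip in packets:
        verdict, reason = check_packet(port, mac, ip)
        if verdict == "drop":
            drops[(port, reason)] += 1
    return drops

# Constructed sample traffic: (port, source MAC, source IP).
SAMPLE = [
    ("port1", "00:11:22:33:44:55", "70.3.44.8"),
    ("port1", "00:11:22:33:44:55", "203.0.113.77"),
    ("port1", "00:11:22:33:44:55", "203.0.113.78"),
    ("port2", "00:AA:BB:CC:DD:EE", "198.51.100.3"),
    ("port2", "de:ad:be:ef:00:01", "198.51.100.4"),
    ("port2", "00:aa:bb:cc:dd:ee", "2001:db8:10::5"),
    ("port2", "00:aa:bb:cc:dd:ee", "2001:db8:99::5"),
]

if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE).items()):
        print(key, count)
```

The per-port counters are the "keep stats" part: a port that keeps tripping the spoofed-source rule points at the host to investigate.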
Re:More sensationalism (Score:2, Informative)
So assuming that he stays out of trouble, then yes, the sentence is probation.
Re:More sensationalism (Score:3, Informative)
Meanwhile he can do whatever the hell he wants, as he is likely to see his PO maybe once every three months.
I was in for armed bank robbery and rarely saw my PO. Fill out the form once a month and that's it. If you have no history of drugs, you won't even take drug tests. Oh, yeah, he might have to go to a bottom of the barrel shrink once a week for "therapy" - that's the biggest annoyance.
In essence, he got away with it. Supervised release is an annoyance, nothing more.