Gadi Evron on Botnet Command and Control

Renowned botnet hunter Gadi Evron posted a message titled mitigating botnet C&Cs has become useless to several newsgroups. His post is a little tough to follow, but it seems his main point is it's too easy for intruders to establish new command and control networks. The good guys can't shut down the C&C networks fast enough to make a difference.

Paul Vixie extended this argument in 2004 in his Superbugs story. He said "Stomping a botnet is actually a bad thing to do. Read that again. Please." Vixie argues that shutting down simple C&C networks forces intruders to elevate their game.

I'm not sure what I should think about this issue. Paul Vixie, and definitely Gadi Evron, know far more about botnets than I do. However, I'm not sure that I can accept their argument about slowing down the digital arms race. I agree that confronting the intruders as directly as possible, though law enforcement, is the best course of action. On the other hand, if I worked for an ISP, I would not tolerate botnet command and control networks on my links just so intruders wouldn't learn to innovate.