I was reading about botnets and was wondering why it is not possible to find the origin of these nets and root them out by identifying the origin computer which sets these up?
I perhaps don't understand them very much so pardon my naive question.
Theoretically all traffic that originates from every computer has to go through an ISP, a bunch of intermediate routers and finally reach its destination host. So if the ISPs monitor incoming and outgoing addresses they should be able to tell which IP addresses are making all these connections to a large number of destinations, or some such heuristic...
In general these backbone providers and ISPs together essentially know where the connections from each computer go, so why not follow them?
Normally it's not a single computer that sets them up. Many botnets are propagated by a worm/virus/trojan, so it's about as simple to find the originating host as it is to find the first guy with influenza.
Another problem is if the signal hops across several ISPs, it's not very easy to trace, since an ISP doesn't have access to the logs of the preceding ISPs in the chain, nor do they see the activity that is going on in hosts down the chain from them. It takes a central authority like the FBI to track things down, and even they have problems if the connection hops through, say, Vanuatu.
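The question's "many connections to many destinations" heuristic and the answer's point that it turns up infected hosts rather than whoever set the botnet up can both be shown on a small set of flow records. The following is an added example, not code from either poster: it runs the fan-out heuristic over constructed NetFlow-style lines (src, dst, port) that a single ISP might see, then takes the one extra step an analyst would take, looking for a destination that the flagged hosts have in common. The host addresses, the threshold of 10 distinct destinations, and the function names are all assumptions made up for the illustration.

```python
from collections import defaultdict


def build_sample_flows():
    """Constructed sample flow records (not real traffic), one per line:
    'src_ip dst_ip dst_port'. Two hypothetical infected hosts (10.0.0.5 and
    10.0.0.9) each spray connections at twenty distinct targets and both
    also check in with 203.0.113.7:443; two ordinary hosts make a few flows,
    one of which also visits 203.0.113.7 but is not a high fan-out source."""
    lines = []
    for i in range(1, 21):
        lines.append(f"10.0.0.5 198.51.100.{i} 25")
    for i in range(21, 41):
        lines.append(f"10.0.0.9 198.51.100.{i} 25")
    lines += [
        "10.0.0.5 203.0.113.7 443",
        "10.0.0.9 203.0.113.7 443",
        "10.0.0.2 192.0.2.1 443",
        "10.0.0.2 192.0.2.2 80",
        "10.0.0.2 192.0.2.3 443",
        "10.0.0.3 192.0.2.1 443",
        "10.0.0.3 203.0.113.7 443",
    ]
    return lines


def parse_flows(lines):
    """Parse 'src dst port' lines into (src, dst, port) tuples; skip malformed ones."""
    flows = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        flows.append((parts[0], parts[1], int(parts[2])))
    return flows


def fanout_by_source(flows):
    """Set of distinct destination IPs contacted by each source IP."""
    dests = defaultdict(set)
    for src, dst, _port in flows:
        dests[src].add(dst)
    return dests


def flag_high_fanout(flows, threshold=10):
    """The heuristic from the question: sources that contacted at least
    `threshold` distinct destinations. These are the infected machines
    (the bots), not whoever built the botnet."""
    dests = fanout_by_source(flows)
    return sorted(src for src, d in dests.items() if len(d) >= threshold)


def common_destinations(flows, flagged, min_sources=2):
    """Pivot step (assumed, not in the posts): destinations contacted by at
    least `min_sources` of the flagged hosts. A shared destination is a
    candidate rendezvous point worth investigating, but it may itself be a
    compromised relay in another ISP's network."""
    flagged = set(flagged)
    sources_per_dest = defaultdict(set)
    for src, dst, _port in flows:
        if src in flagged:
            sources_per_dest[dst].add(src)
    return sorted(dst for dst, s in sources_per_dest.items() if len(s) >= min_sources)


if __name__ == "__main__":
    flows = parse_flows(build_sample_flows())
    bots = flag_high_fanout(flows)
    print("high fan-out sources (likely bots):", bots)
    print("destinations shared by those bots:", common_destinations(flows, bots))
```

On this constructed input the heuristic flags 10.0.0.5 and 10.0.0.9, and the only destination they share is 203.0.113.7; 10.0.0.3 also talked to that address but is not flagged, which is why the pivot only counts flagged sources. Note what the ISP learns: the addresses of two infected customers and one remote address, which is usually a relay or a throwaway server in someone else's network, so the chain the answer describes (logs held by other ISPs, possibly abroad) starts rather than ends here.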