Re: botnet reporting by AS - what about you?

["Fergie (Paul Ferguson)" <fergdawg () netzero net>]

I can understand that -- right on. :-)

One must understand that this whole thing is a moving
target, and perhaps the reporting features are just now
maturing (now Gadi, don't make a liar out of me).

Insofar as as detection methodologies, I'll have to defer
to Gadi to elaboarate (illustrate?) them for a wide audience.

Cheers!

- ferg

p.s. For what it's worth, I got a bit bloody last month
neutralizing a pertty large Pertibot infection in a client
network -- it was, at that point, new and undetectable by
most AV vendor ID mechanisms. Like I said, moving target, etc.


"Hannigan, Martin" <hannigan () verisign com> wrote:

I was on it and unsubscribed. They wouldn't disclose the collection or validation process at that time. This made it 
useless for the most part as its hard to act on someones word without some idea of how they are getting their data and 
avoiding collateral damage.

I'm not saying there aren't valid zombies on it, but my criteria for a list that identifies rogues includes trust. I 
have lists I felt were more trustworthy than DA.

Things may have changed.

Martin


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/