nanog mailing list archives

Re: RBL for bots?

From: Sean Donelan <sean () donelan com>
Date: Thu, 15 Feb 2007 11:45:48 -0500 (EST)


On Thu, 15 Feb 2007, Drew Weaver wrote:

   Has anyone created an RBL, much like (possibly) the BOGON list which
includes the IP addresses of hosts which seem to be "infected" and are
attempting to brute-force SSH/HTTP, etc?

Bots are rarely single purpose engines. If they have been detected doingbad things, they will probably appear in multiple RBLs for multiplereasons. If something is in multiple RBLs, even if it hasn't done theparticular badness you are looking for, its probably just a matter oftime.

Perhaps not surprising, some of the porn site vendors appear to havethe most sophisticated systems for detecting brute force/password sharing

attacks.

Current thread:

Re: botnets: web servers, end-systems and Vint Cerf, (continued)
- - - Re: botnets: web servers, end-systems and Vint Cerf Valdis . Kletnieks (Feb 16)
    - Re: botnets: web servers, end-systems and Vint Cerf Sean Donelan (Feb 16)
    - Re: botnets: web servers, end-systems and Vint Cerf Eric Gauthier (Feb 16)
    - Re: botnets: web servers, end-systems and Vint Cerf Gadi Evron (Feb 16)
    - Re: botnets: web servers, end-systems and Vint Cerf Eric Gauthier (Feb 26)
    - Re: botnets: web servers, end-systems and Vint Cerf Sean Donelan (Feb 27)
    - resnets and naming (was: Re: botnets: web servers, end-systems and Vint Cerf) Steven Champeon (Feb 16)
    - Re: resnets and naming Scott McGrath (Feb 16)
    - Re: botnets: web servers, end-systems and Vint Cerf Sean Donelan (Feb 16)
    - Re: RBL for bots? J. Oquendo (Feb 16)
- Re: RBL for bots? Sean Donelan (Feb 15)
- Re: RBL for bots? Matthew Sullivan (Feb 15)