nanog mailing list archives

Re: drone armies C&C report - July/2005

From: Paul Vixie <vixie () vix com>
Date: 16 Aug 2005 03:24:55 +0000

Going further I think IL-CERT is doing a great service to the Internet
community. Their alerts allow to responsible network admins to
investigate and to preserve their networks clean of debris like spyware
and trojans.


The point is that aged data is an eternity when you're talking about
botnets, worms, zombies, c/c's, etc which is what made me wonder why it
was being posted in the first step. A month is a long time in botland.


while i'm not the one posting it, i do see these summaries and i also see
much of the raw data that's being summarized, in real time, as it's found
and shared.  AS owners/operators who want to get the data in real time have
already been told to send <ge () linuxbox org> some e-mail asking for it.  the
summaries are primarily useful for C&C's that are still alive a month later
even though plenty of notices have been sent to the relevant NOC's.  in
other words it's sort of like defcon's "wall of sheep".  i like the approach.
-- 
Paul Vixie

Current thread:

drone armies C&C report - July/2005 Gadi Evron (Aug 15)
- <Possible follow-ups>
- RE: drone armies C&C report - July/2005 Hannigan, Martin (Aug 15)
- RE: drone armies C&C report - July/2005 Hannigan, Martin (Aug 15)
- RE: drone armies C&C report - July/2005 MARLON BORBA (Aug 15)
  - RE: drone armies C&C report - July/2005 Christopher L. Morrow (Aug 15)
  - Re: drone armies C&C report - July/2005 Gadi Evron (Aug 15)
- RE: drone armies C&C report - July/2005 Hannigan, Martin (Aug 15)
  - Re: drone armies C&C report - July/2005 Paul Vixie (Aug 15)
- RE: drone armies C&C report - July/2005 Hannigan, Martin (Aug 15)
  - Re: drone armies C&C report - July/2005 David Ulevitch (Aug 15)
- RE: drone armies C&C report - July/2005 Hank Nussbacher (Aug 15)
- RE: drone armies C&C report - July/2005 Hannigan, Martin (Aug 16)