Re: Are botnets relevant to NANOG?

[Sean Donelan <sean () donelan com>]

On Fri, 26 May 2006, John Kristoff wrote:
> What I'd be curious to know in the numbers being thrown around if there
> has been any accounting of transient address usage.  Since I'm spending

I worked with Adlex to update their software to identify and track dynamic
addresses associated with subscriber RADIUS information.  At the time,
Adlex (now CompuWare) was the only off-the-shelf software that matched
unique subscriber RADIUS instead of just IP address. It is behavior based,
so not absolutely 100% accurate, but it is useful for long term trending
"bot-like" unique subscribers instead of dynamic IP addresses.  I presented
some public numbers at an NSP-SEC BOF.  There is a large difference
between the number of unique subscribers versus the number of dynamic IP
addresses detected by various public detectors.

http://www.compuware.com/products/vantage/4920_ENG_HTML.htm