Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking )

["Paul Ferguson" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Christopher Morrow <christopher.morrow () verizonbusiness com> wrote:

> I'd love to see CPE dsl/cable-modem providers integrate with a 'service'
> that lists out 'bad' things. it'd be nice if the user could even tailor
> that list (just C&C or C&C + child-porn or C&C older not than X
> days/hours/minutes) ... I think it might even help, and be vendor
> > agnostic (from a provide and hardware) perspective.  

Ironically, that is exactly part of a product announcement that
we (Trend Micro) are making on 30 July.

Since this topic arose, I saw Trend mentioned as a possible
product "culprit" in this scenario, but it isn't. Yet. :-)

The particular service to be announced on Monday (BIS, or Botnet
Identification Service), is nothing more than a BGP feed of _known_
and _vetted_ botnet C&Cs as /32s, intended to be a black-hole feed.

Interested folks should either e-mail me off-list, or just wait for
the official announcement on 30 July.

Cheers,

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)

wj8DBQFGplq5q1pz9mNUZTMRAnFzAKCicaHuvoTwJk92hPOOu2E/ofjhegCcCrMc
XCA4rpUCimConxtKV/Qrsfs=
=N2f1
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/