nanog mailing list archives
Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]
From: Randy Bush <randy () psg com>
Date: Sat, 20 Dec 2008 12:23:08 +0900
be specific, like "if you run X tools the payoff will be Y."Yes. And where is the appropriate form for this?
there must be some operators' list somewhere. > it doesn't seem like the sort of thing NANOG is foryep. nanog is for whining about it, not doing/saying something actually constructive with technical content.
</sarcasm>
speaking as a small provider, I can tell you that I find running snort against my inbound traffic does reduce the cost of running an abuse desk. I do catch offenders before I get abuse@ complaints, sometimes.
unfortunately snort does not really scale to a larger provider. and, to the best of my poor knowledge, good open source tools to black-hole/redirect botted users are not generally available. universities have some that are good at campus and enterprise scale.
cymru and a few security researchers responded privately to my plea for solid open source tool sets and refs. knowing the folk involved, maybe we'll see some motion. patience is a virtue, within limits.
randy
Current thread:
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...], (continued)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Paul Ferguson (Dec 13)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Randy Bush (Dec 13)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Rich Kulawiec (Dec 14)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Murtaza (Dec 14)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Randy Bush (Dec 14)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] JF Mezei (Dec 14)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Gadi Evron (Dec 14)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Christopher Morrow (Dec 14)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Gadi Evron (Dec 15)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Randy Bush (Dec 13)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Paul Ferguson (Dec 13)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Luke S Crawford (Dec 19)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Randy Bush (Dec 19)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Joel Esler (Dec 19)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Nathan Ward (Dec 19)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Luke S Crawford (Dec 19)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Seth Mattinen (Dec 19)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Brandon Galbraith (Dec 19)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Luke S Crawford (Dec 20)
- Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...] Sean Donelan (Dec 21)