nanog mailing list archives

Re: Botnet hunting resources


From: "J.D. Falk" <jdfalk-lists () cybernothing org>
Date: Tue, 11 Aug 2009 11:52:46 -0600

Jack Bates wrote:

J.D. Falk wrote:
Hi, Luke! MAAWG recently published a document to help ISPs deal with
infected machines in their networks. It's not the same kind of
pressure, but (as we learned with open relays at MAPS) pressure isn't
very effective unless there are tools available to deal with the problem.

It could also use a lot more resources? Watching traffic flows for
traffic destined to known C&C addresses is nice, but including a pointer
to a resource that actually gives those addresses is much more useful.
For those who don't deal with it every day, the document just says they
need to spend even more time with Google.

I'll share your comments with the document authors. They're treating it as a living document, with updates expected regularly.

--
J.D. Falk
Return Path Inc
http://www.returnpath.net/

