North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: botnet reporting by AS - what about you?
- From: Fergie (Paul Ferguson)
- Date: Sat Aug 13 00:28:36 2005
I can understand that -- right on. :-)
One must understand that this whole thing is a moving
target, and perhaps the reporting features are just now
maturing (now Gadi, don't make a liar out of me).
Insofar as as detection methodologies, I'll have to defer
to Gadi to elaboarate (illustrate?) them for a wide audience.
p.s. For what it's worth, I got a bit bloody last month
neutralizing a pertty large Pertibot infection in a client
network -- it was, at that point, new and undetectable by
most AV vendor ID mechanisms. Like I said, moving target, etc.
"Hannigan, Martin" <firstname.lastname@example.org> wrote:
I was on it and unsubscribed. They wouldn't disclose the collection or validation process at that time. This made it useless for the most part as its hard to act on someones word without some idea of how they are getting their data and avoiding collateral damage.
I'm not saying there aren't valid zombies on it, but my criteria for a list that identifies rogues includes trust. I have lists I felt were more trustworthy than DA.
Things may have changed.
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
email@example.com or firstname.lastname@example.org
ferg's tech blog: http://fergdawg.blogspot.com/