Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: botnet reporting by AS - what about you?

  • From: Fergie (Paul Ferguson)
  • Date: Sat Aug 13 00:28:36 2005

I can understand that -- right on. :-)

One must understand that this whole thing is a moving
target, and perhaps the reporting features are just now
maturing (now Gadi, don't make a liar out of me).

Insofar as as detection methodologies, I'll have to defer
to Gadi to elaboarate (illustrate?) them for a wide audience.

Cheers!

- ferg

p.s. For what it's worth, I got a bit bloody last month
neutralizing a pertty large Pertibot infection in a client
network -- it was, at that point, new and undetectable by
most AV vendor ID mechanisms. Like I said, moving target, etc.


"Hannigan, Martin" <hannigan@verisign.com> wrote:

I was on it and unsubscribed. They wouldn't disclose the collection or validation process at that time. This made it useless for the most part as its hard to act on someones word without some idea of how they are getting their data and avoiding collateral damage.

I'm not saying there aren't valid zombies on it, but my criteria for a list that identifies rogues includes trust. I have lists I felt were more trustworthy than DA.

Things may have changed.

Martin


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg@netzero.net or fergdawg@sbcglobal.net
 ferg's tech blog: http://fergdawg.blogspot.com/





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.