Rick Wesson, Support Intelligence [hehe]
Understanding abuse, aggregate it, push it back to
operators, let them know what they're doing to other
[no slides, he does a live presentation of his tool]
How do I believe you?
realtime data visualization, Feb 8th, 2006
130 different data sources, 90% passive;
10,000 domain aggregated spam trap, very
evil SMTP that filters and bans IP for some time.
1.2million events per day aggregated, about 700,000
unique IPs for the global internet.
BGP peers, aggregate based on announcements made.
Put into tool so network operators can visualize
their prefixes, drill in, and see abuse each
hover over point, it shows the operator, IP address,
and what the problem was (spam, insecure web server, etc)
This shows problem areas that need to be addressed!
disseminate this information, help ISPs clean up their
Can also pass along information of abuse that has
happened to you.
If you have an AS, he can tell you what your AS has
been used for, abused for, owned, etc.
email him for more info...except he didn't list
his email info. ^_^;