[116589] in North American Network Operators' Group


Re: Botnet hunting resources (was: Re: DOS in progress ?)

daemon@ATHENA.MIT.EDU (goemon@anime.net)
Sun Aug 9 00:40:32 2009

Date: Sat, 8 Aug 2009 21:39:02 -0700 (PDT)
From: goemon@anime.net
To: Luke S Crawford <lsc@prgmr.com>
In-Reply-To: <m3iqgysy1c.fsf@luke.xen.prgmr.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Fri, 8 Aug 2009, Luke S Crawford wrote:
> 1. are there people who apply pressure to ISPs to get them to shut down
> botnets, like maps did for spam?

sadly no.

> I've got 50 gigs of packet captures, and have been going through with
> perl to detect IPs who send me lots of tcp packets with 0 payloads, then
> manually sending abuse reports.
>
> Half the abuse reports bounce, and the other half are ignored.
> (most of the hosts in question are in china.)

it's a big problem, especially with rogue networks like france and china.

there is currently zero incentive for anyone to clean up, as there are no
consequences for not doing so.

this will not change until there are real consequences for operating IP 
cesspools.

-Dan
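
Added example, not part of the original thread: a sketch of the triage step the quoted message describes (finding source IPs that send many TCP packets with zero payload), written in Python rather than the perl the poster used. The function names, the threshold and the sample capture built from documentation addresses are all assumptions made for illustration.

```python
import struct
from collections import Counter

def zero_payload_senders(pcap: bytes, threshold: int = 3) -> dict:
    """Sources with >= threshold payload-free TCP segments in a classic pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian microsecond pcap")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not plain IPv4 (VLAN, IPv6, ARP ...)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len, _, frag = struct.unpack_from("!HHH", ip, 2)
        if ip[9] != 6 or ihl < 20 or len(ip) < ihl + 14 or frag & 0x1FFF:
            continue                      # not TCP, truncated, or later fragment
        tcp_hdr = (ip[ihl + 12] >> 4) * 4
        # Use the IP total length, not the captured length: short frames are
        # padded to 60 bytes on Ethernet and would look like payload.
        if total_len - ihl - tcp_hdr == 0:
            counts[".".join(map(str, ip[12:16]))] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

def _record(src: str, payload: bytes = b"", flags: int = 0x02) -> bytes:
    """Build one constructed pcap record (Ethernet/IPv4/TCP) for the sample."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    frame = (b"\x00" * 12 + b"\x08\x00" + ip + tcp).ljust(60, b"\x00")
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def sample_pcap() -> bytes:
    """Constructed capture: one noisy source, one ordinary client."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    noisy = b"".join(_record("198.51.100.7") for _ in range(4))
    normal = _record("203.0.113.9", flags=0x10) + _record("203.0.113.9", b"GET /", 0x18)
    return hdr + noisy + normal

if __name__ == "__main__":
    print(zero_payload_senders(sample_pcap()))
```

Ordinary ACKs also carry no payload, so on a real capture the threshold has to sit well above what a legitimate client produces.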

