[116617] in North American Network Operators' Group

Re: Botnet hunting resources

daemon@ATHENA.MIT.EDU (Jack Bates)
Tue Aug 11 09:12:55 2009

Date: Tue, 11 Aug 2009 08:11:26 -0500
From: Jack Bates <jbates@brightok.net>
To: "J.D. Falk" <jdfalk-lists@cybernothing.org>
In-Reply-To: <4A80AC1B.6050602@cybernothing.org>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

J.D. Falk wrote:
> Hi, Luke!  MAAWG recently published a document to help ISPs deal with 
> infected machines in their networks.  It's not the same kind of 
> pressure, but (as we learned with open relays at MAPS) pressure isn't 
> very effective unless there are tools available to deal with the problem.

It could also use a lot more resources? Watching traffic flows for 
traffic destined to known C&C addresses is nice, but including a pointer 
to a resource that actually gives those addresses is much more useful. 
For those who don't deal with it every day, the document just says they 
need to spend even more time with Google.


Jack

