[116623] in North American Network Operators' Group
Re: Botnet hunting resources
daemon@ATHENA.MIT.EDU (J.D. Falk)
Tue Aug 11 13:53:33 2009
Date: Tue, 11 Aug 2009 11:52:46 -0600
From: "J.D. Falk" <jdfalk-lists@cybernothing.org>
To: NANOG <nanog@nanog.org>
In-Reply-To: <4A816DFE.7000703@brightok.net>
Jack Bates wrote:
> J.D. Falk wrote:
>> Hi, Luke! MAAWG recently published a document to help ISPs deal with
>> infected machines in their networks. It's not the same kind of
>> pressure, but (as we learned with open relays at MAPS) pressure isn't
>> very effective unless there are tools available to deal with the problem.
>
> It could also use a lot more resources? Watching traffic flows for
> traffic destined to known C&C addresses is nice, but including a pointer
> to a resource that actually gives those addresses is much more useful.
> For those who don't deal with it every day, the document just says they
> need to spend even more time with Google.

I'll share your comments with the document authors. They're treating it as
a living document, with updates expected regularly.
--
J.D. Falk
Return Path Inc
http://www.returnpath.net/