[132122] in North American Network Operators' Group
Bot reporting - best procedure?
daemon@ATHENA.MIT.EDU (Simon Waters)
Tue Nov 16 06:04:17 2010
From: Simon Waters <simonw@zynet.net>
To: nanog@nanog.org
Date: Tue, 16 Nov 2010 11:04:07 +0000
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Sure it is something I should know, but I keep hitting dead ends.
What is current state on botnet reporting procedures?
A minor irritation currently, but clearly well resource botnet is pestering
one of our services, only a couple of thousand IP addresses in use, but I'd
like to mop up as much of it as possible whilst it is only an irritation,
since presumably between irritation and being off the Internet is only one
command.
Lots of Botnet related resources seem to have vanished from the net, or be in
poor repair.
RIPE provide an API for Abuse address lookup, so a potential solution exists
for automaton. But I figure someone else will have written some scripts or
interfaces to save me messing it up, and landing 100's of abuse desks with
useless information.
