[74907] in North American Network Operators' Group
RE: short Botnet list and Cashing in on DoS
daemon@ATHENA.MIT.EDU (Hannigan, Martin)
Wed Oct 20 15:15:38 2004
From: "Hannigan, Martin" <hannigan@verisign.com>
To: nanog@merit.edu
Date: Wed, 20 Oct 2004 15:14:29 -0400
Errors-To: owner-nanog-outgoing@merit.edu
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> Paul Vixie
> Sent: Thursday, October 07, 2004 12:29 PM
> To: nanog@merit.edu
> Subject: Re: short Botnet list and Cashing in on DoS
>
>
>
> > > ..., a-la spamhaus. Bothaus anyone?
> >
> > The problem with that is the list rapidly updates and must
> be maintained
> > with some level of frequency and there's a level of trust
> involved in it
> > as well.
>
> i consider www.cymru.com to be an excellent beginning toward
> that goalset.
>
> > Going after the bots is lesser effort. The controllers are
> a priority.
>
> wide scale BCP38 conformity is the only way any of this will
> ever happen.
You mean the bots? The controllers are behind the bots. Also,
in John's presentation..:
http://www.nanog.org/mtg-0410/pdf/kristoff.pdf
[..]we additionally request that they resolve the RR to 127.0.0.3
before they lock out and reload the zone.
We picked 127/8 as the standard. RFC 1918 wasn't suitable
for obvious reasons.
-M
