[82548] in North American Network Operators' Group


networks with many issues

daemon@ATHENA.MIT.EDU (Rick Wesson)
Thu Jul 21 13:43:45 2005

Date: Thu, 21 Jul 2005 10:42:48 -0700
From: Rick Wesson <wessorh@ar.com>
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu


I've come across a few requests for reports with over 10,000 issues. For 
the net ops folks that might have huge blocks with many issues -- what 
is the most relevant information? Also, how does one go about solving a 
large set of issues across a huge address space?

Basically I'm wondering if I can't build some tools to make life easier 
and use the reports as an input to the tools.

Also I'd be interested in how large reports should be broken down. I 
have the issue, address, reverse DNS, source and timestamp. Would it be 
best to group the report by issue type?

The issues I am tracking are
    Open Proxy (http, socks, other)
    Website with vulnerabilities
    Spam source (spammed honeypot, spamtrap)
    Open Relay (smtp)

Understand the timestamp is the time I saw the issue from the RBL. I 
import data at best hourly and the DNSRBLs don't all have timestamps for 
their data.

I am generally interested in understanding how to produce information and 
tools that the large operators can utilize effectively.

I'd appreciate any thoughts and ideas on how to handle these problems.


-rick


