[83402] in North American Network Operators' Group
Re: botnet reporting by AS - what about you?
daemon@ATHENA.MIT.EDU (Fergie (Paul Ferguson))
Fri Aug 12 23:51:44 2005
From: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Date: Sat, 13 Aug 2005 03:49:31 GMT
To: christopher.morrow@mci.com
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
Chris,
I can assure you that the Drone Army project is not run that
way, and is quite useful, effective, etc.
The folks behind the DA Project are certainly professionals...
...and the infromation is quite useable, parse-able, and genuine.
- ferg
-- "Christopher L. Morrow" <christopher.morrow@mci.com> wrote:
perhaps we could back up and ask:
1) why are you not using the arin/ripe/apnic/japnic/krnic/lacnic poc's for
these asn's? certainly some are not up to date, but there are a large
number that are...
2) what is this for again?
3) are you planning on sending something to these poc's?
4) what are you planning on sending to them?
5) how often should they expect to see something, and from 'whom'?
6) looked at the INCH working group in IETF, thought about using some of
these evolving standards for your alerts/messags/missives?
7) please don't send in bmp files of traceroutes (make the info you send
in complete and usable... 'I saw a bot on ip 12' is not useable, as an
fyi)
-Chris
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
