[83454] in North American Network Operators' Group

Re: drone armies C&C report - July/2005

daemon@ATHENA.MIT.EDU (Paul Vixie)
Mon Aug 15 23:25:23 2005

To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 16 Aug 2005 03:24:55 +0000
In-Reply-To: <A206819EF47CBE4F84B5CB4A303CEB7A521921@dul1wnexmb01.vcorp.ad.vrsn.com>
Errors-To: owner-nanog@merit.edu


> > Going further I think IL-CERT is doing a great service to the Internet
> > community. Their alerts allow responsible network admins to
> > investigate and to preserve their networks clean of debris like spyware
> > and trojans.
> 
> The point is that aged data is an eternity when you're talking about
> botnets, worms, zombies, c/c's, etc which is what made me wonder why it
> was being posted in the first step. A month is a long time in botland.

while i'm not the one posting it, i do see these summaries and i also see
much of the raw data that's being summarized, in real time, as it's found
and shared.  AS owners/operators who want to get the data in real time have
already been told to send <ge@linuxbox.org> some e-mail asking for it.  the
summaries are primarily useful for C&C's that are still alive a month later
even though plenty of notices have been sent to the relevant NOC's.  in
other words it's sort of like defcon's "wall of sheep".  i like the approach.
-- 
Paul Vixie
