[90488] in North American Network Operators' Group
Re: Are botnets relevant to NANOG?
daemon@ATHENA.MIT.EDU (John Kristoff)
Fri May 26 13:47:38 2006
Date: Fri, 26 May 2006 12:47:06 -0500
From: John Kristoff <jtk@ultradns.net>
To: nanog@merit.edu
In-Reply-To: <44773906.9010407@ar.com>
Errors-To: owner-nanog@merit.edu
On Fri, 26 May 2006 10:21:10 -0700
Rick Wesson <wessorh@ar.com> wrote:
> lets see, should we be concerned? here are a few interesting tables,
> the cnt column is new IP addresses we have seen in the last 5 days.
Hi Rick,
What I'd be curious to know in the numbers being thrown around if there
has been any accounting of transient address usage. Since I'm spending
an awful lot of time with DNS these days, I'll actually provide a cite
related to that (and not simply suggest you just quote me :-). See
sections 3.3.2 and 4.4 of the following:
Availability, Usage and Deployment Characteristics of the Domain Name
System, Internet Measurement Conference 2004, J. Pang, et. al
At some point transient address pools are limited and presumably so
are the possible numbers of new bots, particularly within netblocks.
Is there any accounting for that? Shouldn't there be? What will the
effect of doing that be on the numbers?
John
