[90495] in North American Network Operators' Group
Re: Are botnets relevant to NANOG?
daemon@ATHENA.MIT.EDU (Peter Dambier)
Fri May 26 16:28:55 2006
Date: Fri, 26 May 2006 22:28:35 +0200
From: Peter Dambier <peter@peter-dambier.de>
Reply-To: peter@peter-dambier.de
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0605261548350.6569@clifden.donelan.com>
Errors-To: owner-nanog@merit.edu
Sean Donelan wrote:
> On Fri, 26 May 2006, John Kristoff wrote:
>
>>What I'd be curious to know in the numbers being thrown around if there
>>has been any accounting of transient address usage. Since I'm spending
>
>
> I worked with Adlex to update their software to identify and track dynamic
> addresses associated with subscriber RADIUS information. At the time,
> Adlex (now CompuWare) was the only off-the-shelf software that matched
> unique subscriber RADIUS instead of just IP address. It is behavior based,
> so not absolutely 100% accurate, but it is useful for long term trending
> "bot-like" unique subscribers instead of dynamic IP addresses. I presented
> some public numbers at an NSP-SEC BOF. There is a large difference
> between the number of unique subscribers versus the number of dynamic IP
> addresses detected by various public detectors.
>
> http://www.compuware.com/products/vantage/4920_ENG_HTML.htm
Just an afterthought, traceroute and take the final router. I guess for
aDSL home users you will find some 8 or 11 routers in germany. My final
router never changes. Of course there can hide more than one bad guy
behind that router.
Kind regards
Peter and Karin
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter@peter-dambier.de
mail: peter@echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
