[93187] in North American Network Operators' Group
Re: advise on network security report
daemon@ATHENA.MIT.EDU (Steve Atkins)
Mon Oct 30 12:38:10 2006
In-Reply-To: <4546351F.1090107@ar.com>
From: Steve Atkins <steve@blighty.com>
Date: Mon, 30 Oct 2006 09:32:15 -0800
To: North American Network Operators Group <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
On Oct 30, 2006, at 9:23 AM, Rick Wesson wrote:
>
> Fergie wrote:
>> Rick,
>> It would interesting to know how you classify "incidents" in the
>> table below....
>
> any one of the following:
>
> o being put on a major DNS black list (spamcop, spamhaus, ahbl etc.)
> o hosting malware or phishing sites, open proxies
> o sending LOTS of SPAM, virus
> o IRC abuse
> o Botnet C&C
> o hoping glue/fast flux
> o abusive, vulnerable web servers
Some of those are clearly ludicrous to count as "incidents" at all,
and some
of them aren't obviously a single incident, by any reasonable measure
so if you're
planning to aggregate them all together into a single count the end
result is also going to be worthless. Some other way of aggregating
the data might be more useful.
(I also suspect that a subjective popularity contest list of
providers is
not likely to be viewed as operational by many on nanog, though I
think some of the underlying data might be).
Cheers,
Steve
