[98082] in North American Network Operators' Group
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Tue Jul 24 16:29:34 2007
From: "Paul Ferguson" <fergdawg@netzero.net>
Date: Tue, 24 Jul 2007 20:02:18 GMT
To: christopher.morrow@verizonbusiness.com
Cc: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -- Christopher Morrow <christopher.morrow@verizonbusiness.com> wrote:
>I'd love to see CPE dsl/cable-modem providers integrate with a 'service=
'
>that lists out 'bad' things. it'd be nice if the user could even tailor=
>that list (just C&C or C&C + child-porn or C&C older not than X
>days/hours/minutes) ... I think it might even help, and be vendor
>>agnostic (from a provide and hardware) perspective. =
Ironically, that is exactly part of a product announcement that
we (Trend Micro) are making on 30 July.
Since this topic arose, I saw Trend mentioned as a possible
product "culprit" in this scenario, but it isn't. Yet. :-)
The particular service to be announced on Monday (BIS, or Botnet
Identification Service), is nothing more than a BGP feed of _known_
and _vetted_ botnet C&Cs as /32s, intended to be a black-hole feed.
Interested folks should either e-mail me off-list, or just wait for
the official announcement on 30 July.
Cheers,
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
wj8DBQFGplq5q1pz9mNUZTMRAnFzAKCicaHuvoTwJk92hPOOu2E/ofjhegCcCrMc
XCA4rpUCimConxtKV/Qrsfs=3D
=3DN2f1
-----END PGP SIGNATURE-----
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
