The NIST has proposed a framework for operators to notify botnet victims.

The call for comments and article discussing it are described here:


https://www.infosecisland.com/blogview/17021-Government-Proposes-ISPs-Notify-Victims-of-Botnets.html#.TotXA6C-16Q.twitter

"Comments on the proposed Code of Conduct and botnet reporting initiative
are due on or before 5 p.m. EDT, November 4, 2011.

Written comments on the proposal may be submitted by mail to the National
Institute of Standards and Technology at the U.S. Department of Commerce,
1401 Constitution Avenue, NW., Room 4822, Washington, DC 20230. Submissions
may be in any of the following formats: HTML, ASCII, Word, rtf, or pdf.

Online comment submissions in electronic form may be sent to
consumer_notice_...@nist.gov.

Paper submissions should include a compact disc (CD). CDs should be
labeled with the name and organizational affiliation of the filer and
the name of the word processing program used to create the document.

Comments will be posted at http://www.nist.gov/itl/.

A list of questions is included in the Request for Information, and can
be accessed at the source link below:

Source:
http://www.federalregister.gov/articles/2011/09/21/2011-24180/models-to-advance-voluntary-corporate-notification-to-consumers-regarding-the-illicit-use-of#p-3"


IMHO this would go a long way to addressing the underlying root cause
(botted machines). 

Regards,

Zachary


On 12/14/10 5:34 PM, "Joel Jaeggli" <joe...@bogus.com> wrote:

>On 12/8/10 6:30 AM, Drew Weaver wrote:
>> Yes, but this obviously completes the 'DDoS attack' and sends the
>> signal that the bully will win.
>
>it's part of a valid mitigation strategy. shifting the target out from
>underneath the blackholed address is also part of the activity. that's
>easier in some cases than others. the bots will move and you play whack
>a rat with your upstreams.
>
>joel
>
>> -Drew
>
>> From: alvaro.sanc...@adinet.com.uy [mailto:alvaro.sanc...@adinet.com.uy]
>> Sent: Wednesday, December 08, 2010 8:46 AM
>> To: rdobb...@arbor.net; North American Operators' Group
>> Subject: Re: Over a decade of DDOS--any progress yet?
>> 
>> A very common action is to blackhole ddos traffic upstream by sending a
>> bgp route to the next AS with a preestablished community indicating the
>> traffic must be sent to Null0. The route may be very specific, in order
>> to impact as little as possible. This needs previous coordination between
>> providers.
>> Regards.
>> 
>
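
The upstream side of the blackholing arrangement described in the quoted message, as an added example that is not part of the original thread: a check that a customer's blackhole request carries the pre-agreed community, covers only address space registered to that customer, and is specific enough to limit collateral impact. The community value, session names, prefix registrations and the /32 minimum are constructed assumptions, using ASNs and prefixes reserved for documentation.

```python
"""Upstream acceptance check for customer-triggered blackhole routes (added example)."""
import ipaddress

# Assumptions (not from the thread): every value below is constructed.
BLACKHOLE_COMMUNITY = "64500:666"   # community pre-agreed between the two providers
MIN_PREFIXLEN_V4 = 32               # host routes only, to limit collateral impact

# Prefixes each customer BGP session is registered to originate (constructed).
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24")],
}


def evaluate_announcement(session, prefix, communities):
    """Return (action, reason) for a route received on a customer session.

    action is "blackhole" (next hop set to the discard interface, e.g. Null0),
    "normal" (no blackhole community, regular import policy applies) or "reject".
    """
    if BLACKHOLE_COMMUNITY not in communities:
        return "normal", "no blackhole community"
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return "reject", f"malformed prefix: {exc}"
    if net.version != 4:
        return "reject", "only IPv4 handled in this example"
    allowed = CUSTOMER_PREFIXES.get(session, [])
    # A customer may only blackhole space it is registered to announce;
    # otherwise the mechanism itself becomes a way to drop someone else's traffic.
    if not any(net.subnet_of(parent) for parent in allowed):
        return "reject", "prefix not registered to this customer"
    if net.prefixlen < MIN_PREFIXLEN_V4:
        return "reject", f"/{net.prefixlen} too broad for blackholing"
    return "blackhole", f"discard traffic to {net}"


if __name__ == "__main__":
    # Constructed sample announcements: (session, prefix, communities).
    samples = [
        ("cust-a", "192.0.2.10/32", ["64500:666"]),    # valid request
        ("cust-a", "198.51.100.7/32", ["64500:666"]),  # someone else's space
        ("cust-a", "192.0.2.0/24", ["64500:666"]),     # whole block, too broad
        ("cust-b", "198.51.100.0/24", ["64500:100"]),  # ordinary route
    ]
    for session, prefix, comms in samples:
        print(session, prefix, evaluate_announcement(session, prefix, comms))
```
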

