>-Original Message-
>From: Bradley Freeman [mailto:bradley.free...@csirt.ja.net]
>Sent: Tuesday, August 11, 2009 6:37 AM
>To: 'NANOG'
>Subject: RE: Botnet hunting resources
>
>I'm surprised that nobody has mentioned the work of shadowserver.org, they
>ar
Jack Bates wrote:
J.D. Falk wrote:
Hi, Luke! MAAWG recently published a document to help ISPs deal with
infected machines in their networks. It's not the same kind of
pressure, but (as we learned with open relays at MAPS) pressure isn't
very effective unless there are tools available to deal wi
Conficker with almost 0% false positives.
Cheers
Bradley
-Original Message-
From: Jack Bates [mailto:jba...@brightok.net]
Sent: 11 August 2009 14:11
To: J.D. Falk
Cc: NANOG
Subject: Re: Botnet hunting resources
J.D. Falk wrote:
> Hi, Luke! MAAWG recently published a document to help I
J.D. Falk wrote:
Hi, Luke! MAAWG recently published a document to help ISPs deal with
infected machines in their networks. It's not the same kind of
pressure, but (as we learned with open relays at MAPS) pressure isn't
very effective unless there are tools available to deal with the problem.
Luke S Crawford wrote:
1. are there people who apply pressure to ISPs to get them to shut down
botnets, like maps did for spam?
Hi, Luke! MAAWG recently published a document to help ISPs deal with
infected machines in their networks. It's not the same kind of pressure,
but (as we learned w
>Why do you think this might be? Fear of (extralegal) retaliation by
>botnet owners? or fear of getting sued by listed network owners?
[TLB:] No more than any anti-spam RBL
>or is
>the idea (shunning packets from ISPs that host botnets) fundamentally
>unsound?
>
[TLB:] That's an ongoing ragi
On Aug 10, 2009, at 5:34 AM, Nathan Ward wrote:
On 10/08/2009, at 8:11 PM, goe...@anime.net wrote:
such a list would include all of chinanet and france telecom. it
would likely not last long.
You've mentioned France twice now. Is there a big botnet problem
there? I've never heard of anyt
On 10/08/2009, at 8:11 PM, goe...@anime.net wrote:
such a list would include all of chinanet and france telecom. it
would likely not last long.
You've mentioned France twice now. Is there a big botnet problem
there? I've never heard of anything like that.
I'll admit I don't follow this area
On Mon, 10 Aug 2009, Luke S Crawford wrote:
goe...@anime.net writes:
On Fri, 8 Aug 2009, Luke S Crawford wrote:
1. are there people who apply pressure to ISPs to get them to shut down
botnets, like maps did for spam?
sadly no.
...
Why do you think this might be? Fear of (extralegal) retalia
goe...@anime.net writes:
> On Fri, 8 Aug 2009, Luke S Crawford wrote:
> > 1. are there people who apply pressure to ISPs to get them to shut down
> > botnets, like maps did for spam?
>
> sadly no.
...
Why do you think this might be? Fear of (extralegal) retaliation by
botnet owners? or fear o
On Fri, 8 Aug 2009, Luke S Crawford wrote:
1. are there people who apply pressure to ISPs to get them to shut down
botnets, like maps did for spam?
sadly no.
I've got 50 gigs of packet captures, and have been going through with
perl to detect IPs who send me lots of tcp packets with 0 payload
rgmr.com]
Sent: Saturday, August 08, 2009 3:15 AM
To: Roland Dobbins
Cc: NANOG list
Subject: Re: Botnet hunting resources (was: Re: DOS in progress ?)
Roland Dobbins writes:
> On Aug 8, 2009, at 11:57 AM, Luke S Crawford wrote:
>
> > 2. is there a standard way to push a null-ro
Roland Dobbins wrote:
>
> On Aug 8, 2009, at 11:57 AM, Luke S Crawford wrote:
>
>> 2. is there a standard way to push a null-route on the attackers
>> source IP upstream?
>
> Sure - if you apply loose-check uRPF (and/or strict-check, when you can
> do so) on Cisco or Juniper routers, you can c
Roland Dobbins writes:
> On Aug 8, 2009, at 11:57 AM, Luke S Crawford wrote:
>
> > 2. is there a standard way to push a null-route on the attackers
> > source IP upstream?
>
> Sure - if you apply loose-check uRPF (and/or strict-check, when you
> can do so) on Cisco or Juniper routers, you can c
On Aug 8, 2009, at 11:57 AM, Luke S Crawford wrote:
2. is there a standard way to push a null-route on the attackers
source IP upstream?
Sure - if you apply loose-check uRPF (and/or strict-check, when you
can do so) on Cisco or Juniper routers, you can combine that with the
blackhole to
Jorge Amodio writes:
> Are folks seeing any major DOS in progress ?
>
> Twitter seems to be under one and FB is flaky.
From what I understand, it's quite common. I got hammered last week.
It took out some routers at my upstream (it was a tcp syn flood attack,
a whole lot of really small packe