North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: botnet reporting by AS - what about you?
On Sat, 13 Aug 2005, Fergie (Paul Ferguson) wrote: > Chris, > > I can assure you that the Drone Army project is not run that > way, and is quite useful, effective, etc. > > The folks behind the DA Project are certainly professionals... > ...and the infromation is quite useable, parse-able, and genuine. cool, among the 800k+ complaints we see a month (yes, 800k) there are quite a few completely useless ones :( Anything sent in as a complaint has to have complete and useful information, else it's hard/impossible to action properly. It'd help if the format it was sent in was also machine parseable :) With 800k+ complaints/month I'm not sure people want to spend time figuring each one out, a script/machine should be doing as much as possible. > > - ferg > > -- "Christopher L. Morrow" <[email protected]> wrote: > > perhaps we could back up and ask: > > 1) why are you not using the arin/ripe/apnic/japnic/krnic/lacnic poc's for > these asn's? certainly some are not up to date, but there are a large > number that are... > 2) what is this for again? > 3) are you planning on sending something to these poc's? > 4) what are you planning on sending to them? > 5) how often should they expect to see something, and from 'whom'? > 6) looked at the INCH working group in IETF, thought about using some of > these evolving standards for your alerts/messags/missives? > 7) please don't send in bmp files of traceroutes (make the info you send > in complete and usable... 'I saw a bot on ip 12' is not useable, as an > fyi) > > -Chris > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > [email protected] or [email protected] > ferg's tech blog: http://fergdawg.blogspot.com/ >
|