North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: botnet reporting by AS - what about you?

  • From: Christopher L. Morrow
  • Date: Fri Aug 12 23:56:24 2005


On Sat, 13 Aug 2005, Fergie (Paul Ferguson) wrote:

> Chris,
>
> I can assure you that the Drone Army project is not run that
> way, and is quite useful, effective, etc.
>
> The folks behind the DA Project are certainly professionals...
> ...and the infromation is quite useable, parse-able, and genuine.

cool, among the 800k+ complaints we see a month (yes, 800k) there are
quite a few completely useless ones :( Anything sent in as a complaint has
to have complete and useful information, else it's hard/impossible to
action properly.

It'd help if the format it was sent in was also machine parseable :) With
800k+ complaints/month I'm not sure people want to spend time figuring
each one out, a script/machine should be doing as much as possible.

>
> - ferg
>
> -- "Christopher L. Morrow" <[email protected]> wrote:
>
> perhaps we could back up and ask:
>
> 1) why are you not using the arin/ripe/apnic/japnic/krnic/lacnic poc's for
> these asn's? certainly some are not up to date, but there are a large
> number that are...
> 2) what is this for again?
> 3) are you planning on sending something to these poc's?
> 4) what are you planning on sending to them?
> 5) how often should they expect to see something, and from 'whom'?
> 6) looked at the INCH working group in IETF, thought about using some of
> these evolving standards for your alerts/messags/missives?
> 7) please don't send in bmp files of traceroutes (make the info you send
> in complete and usable... 'I saw a bot on ip 12' is not useable, as an
> fyi)
>
> -Chris
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  [email protected] or [email protected]
>  ferg's tech blog: http://fergdawg.blogspot.com/
>