North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RFC: public efforts in the botnets realm
Hi, this is an FYI. A discussion will now commense on the DA list to try and measure if public efforts are indeed a good idea, and how much good vs. bad they cause in the fight against botnets, distributed denial of service attacks, Internet survivability and online crime, as it can indeed be measured. I would also like the community's opinion on the subject at hand, so that we can relay it and make a more client-oriented decision (take the needs of the community into consideration as well). Thanks, Gadi. ---------- Forwarded message ---------- Date: Mon, 22 May 2006 02:02:48 -0500 (CDT) From: Gadi Evron <[email protected]> To: <closed botnets list> Subject: public efforts Hi guys. our public efforts in the botnet realm thus far consist of *mainly*: 1. The monthly C&C report. 2. Public botnet reporting to us. 3. Public discussion list. The monthly report is now largely accepted by most in the net-ops community as reliable, and it meets the test of scrutiny. We had some early bumps on how we represent data, what data we want to show and what information we want to deduce from it - but I think we are there now. Public botnet reporting to us is going great. I stopped relaying them to the list is it is extremely time consuming for me, but they are dealt with. As soon as a volunteer who doesn't just want to talk to the press and take them off my back but also do this work comes along, we will get these again here too. The public discussion list has in my opinion brought an immense public awareness, law enforcement interest and industry work. Little to no new information was divulged there that the Bad Guys would not already know with their gigs of bot sources and exchange networks (not to mention support web forums). That's just my opinion, feel free to chime in. The monthly reports are great, as is getting data from the public of net-ops and sys-admins. The discussion list is on a tight leash, but I would like those of you who have been monitoring it and disagree with me to do so here and tell us why we failed there. If we indeed see the [email protected] list as a success, I would like us to move forward and divulge more redundant already public information to the public, and help move the cause along further than by classifying every bit of useless information as top secret. Thanks, I am looking forward to your input, Gadi. -- "In a good cause, there are no failures, only delayed successes". ~Isaac Asimov, "In a Good Cause".