North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Are botnets relevant to NANOG?

  • From: Sean Donelan
  • Date: Fri May 26 16:18:22 2006

On Fri, 26 May 2006, John Kristoff wrote:
> What I'd be curious to know in the numbers being thrown around if there
> has been any accounting of transient address usage.  Since I'm spending

I worked with Adlex to update their software to identify and track dynamic
addresses associated with subscriber RADIUS information.  At the time,
Adlex (now CompuWare) was the only off-the-shelf software that matched
unique subscriber RADIUS instead of just IP address. It is behavior based,
so not absolutely 100% accurate, but it is useful for long term trending
"bot-like" unique subscribers instead of dynamic IP addresses.  I presented
some public numbers at an NSP-SEC BOF.  There is a large difference
between the number of unique subscribers versus the number of dynamic IP
addresses detected by various public detectors.