North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Are botnets relevant to NANOG?
On Fri, 26 May 2006, John Kristoff wrote: > What I'd be curious to know in the numbers being thrown around if there > has been any accounting of transient address usage. Since I'm spending I worked with Adlex to update their software to identify and track dynamic addresses associated with subscriber RADIUS information. At the time, Adlex (now CompuWare) was the only off-the-shelf software that matched unique subscriber RADIUS instead of just IP address. It is behavior based, so not absolutely 100% accurate, but it is useful for long term trending "bot-like" unique subscribers instead of dynamic IP addresses. I presented some public numbers at an NSP-SEC BOF. There is a large difference between the number of unique subscribers versus the number of dynamic IP addresses detected by various public detectors. http://www.compuware.com/products/vantage/4920_ENG_HTML.htm