North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Are botnets relevant to NANOG?

  • From: Peter Dambier
  • Date: Fri May 26 16:29:28 2006

Sean Donelan wrote:
On Fri, 26 May 2006, John Kristoff wrote:

What I'd be curious to know in the numbers being thrown around if there
has been any accounting of transient address usage.  Since I'm spending
I worked with Adlex to update their software to identify and track dynamic
addresses associated with subscriber RADIUS information.  At the time,
Adlex (now CompuWare) was the only off-the-shelf software that matched
unique subscriber RADIUS instead of just IP address. It is behavior based,
so not absolutely 100% accurate, but it is useful for long term trending
"bot-like" unique subscribers instead of dynamic IP addresses.  I presented
some public numbers at an NSP-SEC BOF.  There is a large difference
between the number of unique subscribers versus the number of dynamic IP
addresses detected by various public detectors.

http://www.compuware.com/products/vantage/4920_ENG_HTML.htm
Just an afterthought, traceroute and take the final router. I guess for
aDSL home users you will find some 8 or 11 routers in germany. My final
router never changes. Of course there can hide more than one bad guy
behind that router.

Kind regards
Peter and Karin

--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: [email protected]
mail: [email protected]
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/