North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Are botnets relevant to NANOG?

  • From: Peter Dambier
  • Date: Fri May 26 16:29:28 2006

Sean Donelan wrote:
On Fri, 26 May 2006, John Kristoff wrote:

What I'd be curious to know in the numbers being thrown around if there
has been any accounting of transient address usage.  Since I'm spending
I worked with Adlex to update their software to identify and track dynamic
addresses associated with subscriber RADIUS information.  At the time,
Adlex (now CompuWare) was the only off-the-shelf software that matched
unique subscriber RADIUS instead of just IP address. It is behavior based,
so not absolutely 100% accurate, but it is useful for long term trending
"bot-like" unique subscribers instead of dynamic IP addresses.  I presented
some public numbers at an NSP-SEC BOF.  There is a large difference
between the number of unique subscribers versus the number of dynamic IP
addresses detected by various public detectors.
Just an afterthought, traceroute and take the final router. I guess for
aDSL home users you will find some 8 or 11 routers in germany. My final
router never changes. Of course there can hide more than one bad guy
behind that router.

Kind regards
Peter and Karin

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP:
mail: [email protected]
mail: [email protected]