North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: advise on network security report

  • From: Steve Atkins
  • Date: Mon Oct 30 12:40:29 2006

On Oct 30, 2006, at 9:23 AM, Rick Wesson wrote:

Fergie wrote:
It would interesting to know how you classify "incidents" in the
table below....
any one of the following:

 o being put on a major DNS black list (spamcop, spamhaus, ahbl etc.)
 o hosting malware or phishing sites, open proxies
 o sending LOTS of SPAM, virus
 o IRC abuse
 o Botnet C&C
 o hoping glue/fast flux
 o abusive, vulnerable web servers
Some of those are clearly ludicrous to count as "incidents" at all, and some
of them aren't obviously a single incident, by any reasonable measure so if you're
planning to aggregate them all together into a single count the end
result is also going to be worthless. Some other way of aggregating
the data might be more useful.

(I also suspect that a subjective popularity contest list of providers is
not likely to be viewed as operational by many on nanog, though I
think some of the underlying data might be).