North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: advise on network security report
On Tue, 31 Oct 2006, Rick Wesson wrote: > I beg to differ, wither I aggregate my announcements does not impact the > $50B charge identity theft puts on the US economy. > > would it assist if I associated a dollar value for each bot hosted, we > can estimate the number of credit cards stolen per bot and extrapolate > in to something with some zeros on it. I experimented with a lot of topics on NANOG which the charter suggests, and found that botnets and $-value only work if they directly impact an ISP (not its users or immense corporate networks), meaning - something which helps/stops an ISP from running. I.e., $$$ loss to the ISP. $ value to the US economy just fascilitates faster move toward the usual and inevitable forking of the thread and flaming. > > Sharing summaries to communities like dshield, NSP-SEC, DA, SANs and > > other security mitigation communities along with a subscription web page > > that would allow an organization to get enough details to take action. > > nsp-sec players still won't let us in their sand-box... but we will > share to the communities you have enumerated. You heard what people here want/don't want, do your thing. From my experience, you also got about 10-20 emails off-list, in support. Most flames come on-list. Openly available data that will show us which networks we need to worry about will be valuable. In the C&C report we now have "networks with 100% resolved". Two years ago we wouldn't have even considered that category. We didn't even consider using exact numbers due to "help bad guys scare". We quantified it, found out what's useful (what ISPs want/ISPs REALLY don't want), and what would be useless. Of your data, do you have information which can tell us what ISPs keep sending out spam despite of continued listing/reporting? Can you tell us what ISPs do real good work? A not-too-often coming report would be very interesting, especially because it is public, if you can make it reliable. For more exact and regular figures, I'd say go with a private feed. It is possible we are all wrong. Start with once a month and grow to even once a day if we find it's just what we have all been looking for. > -rick > Gadi.