North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking )

  • From: Paul Ferguson
  • Date: Tue Jul 24 16:51:12 2007

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Christopher Morrow <[email protected]> wrote:

>I'd love to see CPE dsl/cable-modem providers integrate with a 'service'
>that lists out 'bad' things. it'd be nice if the user could even tailor
>that list (just C&C or C&C + child-porn or C&C older not than X
>days/hours/minutes) ... I think it might even help, and be vendor
>>agnostic (from a provide and hardware) perspective.  

Ironically, that is exactly part of a product announcement that
we (Trend Micro) are making on 30 July.

Since this topic arose, I saw Trend mentioned as a possible
product "culprit" in this scenario, but it isn't. Yet. :-)

The particular service to be announced on Monday (BIS, or Botnet
Identification Service), is nothing more than a BGP feed of _known_
and _vetted_ botnet C&Cs as /32s, intended to be a black-hole feed.

Interested folks should either e-mail me off-list, or just wait for
the official announcement on 30 July.

Cheers,

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)

wj8DBQFGplq5q1pz9mNUZTMRAnFzAKCicaHuvoTwJk92hPOOu2E/ofjhegCcCrMc
XCA4rpUCimConxtKV/Qrsfs=
=N2f1
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/