North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]
be specific, like "if you run X tools the payoff will be Y."Yes. And where is the appropriate form for this? there must be some operators' list somewhere. > it doesn't seem like the sort of thing NANOG is for yep. nanog is for whining about it, not doing/saying something actually constructive with technical content. </sarcasm> speaking as a small provider, I can tell you that I find running snort against my inbound traffic does reduce the cost of running an abuse desk. I do catch offenders before I get [email protected] complaints, sometimes. unfortunately snort does not really scale to a larger provider. and, to the best of my poor knowledge, good open source tools to black-hole/redirect botted users are not generally available. universities have some that are good at campus and enterprise scale. cymru and a few security researchers responded privately to my plea for solid open source tool sets and refs. knowing the folk involved, maybe we'll see some motion. patience is a virtue, within limits. randy
|