networks with many issues
Rick Wesson
wessorh at ar.com
Thu Jul 21 17:42:48 UTC 2005
I've come across a few requests for reports with over 10,000 issues. For
the net ops folks that might have huge blocks with many issues -- what
is the most relevant information? Also, how does one go about solving a
large set of issues across a huge address space?

Basically I'm wondering if I can't build some tools to make life easier
and use the reports as an input to the tools.

Also I'd be interested in how large reports should be broken down. I
have the issue, address, reverse dns, source and timestamp. Would it be
best to group the report by issue type?

The issues I am tracking are:
Open Proxy (http, socks, other)
Website with vulnerabilities
Spam source (spammed honeypot, spamtrap)
Open Relay (smtp)

Understand the timestamp is the time I saw the issue from the RBL. I
import data at best hourly and the DNSRBLs don't all have timestamps for
their data.

I am generally interested in understanding how to produce information and
tools that the large operators can utilize effectively.

I'd appreciate any thoughts and ideas on how to handle these problems.

-rick
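
An added example, not part of the original post: one way to break a large report down by issue type and then by covering /24, using the five fields the post lists. The CSV layout, issue labels, sample rows and function names are assumptions made for illustration, and the rows use IPv4 documentation addresses.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample report (documentation address ranges); the columns
# follow the fields named in the post, the CSV layout itself is assumed.
SAMPLE_REPORT = """\
issue,address,reverse_dns,source,timestamp
open-proxy,192.0.2.10,host10.example.net,rbl-a,2005-07-21T15:00:00
open-proxy,192.0.2.77,host77.example.net,rbl-a,2005-07-21T16:00:00
open-proxy,192.0.2.10,host10.example.net,rbl-b,2005-07-21T17:00:00
open-relay,192.0.2.25,mail.example.net,rbl-b,2005-07-21T16:00:00
spam-source,198.51.100.5,,spamtrap,2005-07-21T14:00:00
spam-source,198.51.100.9,dsl9.example.org,spamtrap,2005-07-21T17:00:00
"""

def summarize(report_text, prefix_len=24):
    """Group rows by issue type, then by covering IPv4 prefix.

    Returns {issue: {prefix: {"hosts": set, "sources": set, "last_seen": str}}}.
    An address listed by several sources collapses into one host entry.
    """
    summary = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(report_text)):
        net = ipaddress.ip_network(f"{row['address']}/{prefix_len}", strict=False)
        bucket = summary[row["issue"]].setdefault(
            str(net), {"hosts": set(), "sources": set(), "last_seen": ""})
        bucket["hosts"].add(row["address"])
        bucket["sources"].add(row["source"])
        # ISO 8601 timestamps in one timezone compare correctly as strings.
        bucket["last_seen"] = max(bucket["last_seen"], row["timestamp"])
    return summary

def worklist(summary):
    """Flatten to (issue, prefix, host_count, last_seen), busiest prefixes first."""
    rows = [(issue, prefix, len(b["hosts"]), b["last_seen"])
            for issue, prefixes in summary.items()
            for prefix, b in prefixes.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))

if __name__ == "__main__":
    for issue, prefix, count, last_seen in worklist(summarize(SAMPLE_REPORT)):
        print(f"{issue:12} {prefix:18} hosts={count:<3} last_seen={last_seen}")
```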