Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]
randy at psg.com
Fri Dec 19 21:23:08 CST 2008
>> be specific, like "if you run X tools the payoff will be Y."
> Yes. And where is the appropriate forum for this?

there must be some operators' list somewhere.

> it doesn't seem like the sort of thing NANOG is for

yep. nanog is for whining about it, not doing/saying something actually
constructive with technical content.

> speaking as a small provider, I can tell you that I find running snort
> against my inbound traffic does reduce the cost of running an abuse desk.
> I do catch offenders before I get abuse@ complaints, sometimes.

unfortunately snort does not really scale to a larger provider. and, to
the best of my poor knowledge, good open source tools to
black-hole/redirect botted users are not generally available.
universities have some that are good at campus and enterprise scale.

cymru and a few security researchers responded privately to my plea for
solid open source tool sets and refs. knowing the folk involved, maybe
we'll see some motion. patience is a virtue, within limits.