short Botnet list and Cashing in on DoS

Hannigan, Martin hannigan at verisign.com
Wed Oct 20 19:14:29 UTC 2004


> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
> Paul Vixie
> Sent: Thursday, October 07, 2004 12:29 PM
> To: nanog at merit.edu
> Subject: Re: short Botnet list and Cashing in on DoS
> 
> 
> 
> > > ..., a-la spamhaus. Bothaus anyone?
> > 
> > The problem with that is the list rapidly updates and must 
> be maintained
> > with some level of frequency and there's a level of trust 
> involved in it
> > as well.
> 
> i consider www.cymru.com to be an excellent beginning toward 
> that goalset.
> 
> > Going after the bots is lesser effort.  The controllers are 
> a priority.
> 
> wide scale BCP38 conformity is the only way any of this will 
> ever happen.


You mean the bots? The controllers are behind the bots. Also, 
in John's presentation..:

http://www.nanog.org/mtg-0410/pdf/kristoff.pdf

[..]we additionally request that they resolve the RR to 127.0.0.3
before they lock out and reload the zone.

We picked 127/8 as the standard. RFC 1918 wasn't suitable
for obvious reasons.

-M




More information about the NANOG mailing list