short Botnet list and Cashing in on DoS

Gadi Evron ge at
Thu Oct 7 16:19:59 UTC 2004

> Going after the bots is lesser effort. The controllers are
> a priority.

That's not happening.

AV companies are mostly interested in hyping the latest worm or 
semi-worm. Drone armies, hundreds of thousands large (no exaggeration) 
are just too much of an effort with 1000+ new Trojan horses coming out 
every month.

Also, there are virtually no resources directed at this problem except 
for a _few_ numbered concerned individuals from various corporate 
security teams and a few people who use IRC networks, world-wide.

As long as so many computers are out there for the taking, it is almost 
an impossible war.

Maybe it would be possible to check if any users from a location you are 
in-charge of are connecting to these IP's and sending them an automated 
email about their security plus a deal on an AV product (whatever it is 
worth for this)?
I doubt many here have the time to even consider such an effort, even 
with the deal.

There are easier ways, such as seeing who in a said network connects out 
with recognized signatures.. again, I doubt many would bother.

Spam, viruses, it all revolves around the same problem. The users 
en-masse are a serious risk on the macro level. Besides, with so many 
drones around and infected machines - who needs a proxy to be anonymous?

	Gadi Evron.

More information about the NANOG mailing list