short Botnet list and Cashing in on DoS

Gadi Evron ge at
Sat Oct 9 04:08:08 UTC 2004

> Only when they do something about it.

Trouble? When they have 40K extra users to pay for bandwidth (easily 
eats up a T1 or two), it's damage enough. Besides, would you like 
someone to launch "cyber A-Bombs" (phaa) from your network?

>>1. Worrying about personal privacy of their users, not wanting to bend 
>>too many rules to fight these drones that *appear* like regular users.
> Appear? If you own one of the blocks below, please do something about it.

And I know people who mail abuse reports for hundreds of such *lists*, 
something /rarely/ gets done.

One thing they focus on it taking down control web pages. For example if 
the runner would give a command: 'update' 
or if the drones spam themselves on irc.. then it's all about the abuse 
teams. Some are really responsive, some just ignore.

Last time I took the time to inform ISP's about such a list was when it 
was a 700 large army of *nix boxes. Haven't seen one of those for years 
before that. It was 3 months ago or so.

It was rather funny really. Lesson learned: don't use hostnames like 
"securebox" or "secureserver1" or such.

> sadsa``` ~orion at  Don't Touch Me  
> `o`hj`h` ~orion at  Don't Touch Me  
> TaiFrunze ~orion at  Don't Touch Me  


I try and take care personally of drones and abusers I see coming from 
Israel.. it's way too much work and annoyance as it is, thanks though.

Most ISP's truly don't want this as their own problem. I personally 
don't blame them. Luckily the ISP I work for has no home users.

If you have any problem in Israel, whether with finding a contact or 
reaching law enforcement - feel free to email me and I'd be glad to find 
you a contact.


More information about the NANOG mailing list