botnet reporting by AS - what about you?
Rick Wesson
wessorh at ar.com
Fri Aug 12 21:31:21 UTC 2005
> I'd personally love more reporting services that will actually disclose
> information to the ISPs who can actually take action to help straighten
> out their customers. We have far too many people who sit around wringing
> their hands about how horrible the botnets are, but who won't tell anyone
> who can do anything about it out of a paranoid sense of "security". I'm
> not sure this is the best way to go about that though. :)
ok. I'm working on the following service and would like to know if there
is interest to participate. just drop a not off list if you want to play.
I've been producing daily reports for about 60 ASes in a report via
email. It is taking significant cycles to produce and I could only hand
another 60 or so networks. Since this won't scale for me I've decided to
do near real-time reports over jabber
the idea is to publish reports in the following style:
anti phishing reports go to the Domain Registrar and AS manager for
the IP space hosting the phish site.
botnets, virus infectors, open proxies etc the IP manager get
notified.
spamertisements, spam senders will notify the registrar
the reports are text, human readable RFC-822 style headers.
I should have the signup page done next week, i should publish it in
this notice but I'm just looking for feedback if doing the above is
something the community would participate in.
I'd like something that scales and what I've done thus far just won't scale.
comments (flames?) please.
-rick
More information about the NANOG
mailing list